Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3984

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Apr, 2025 | 20:00
Updated At-28 Apr, 2025 | 18:09
Rejected At-
Credits

Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Apr, 2025 | 20:00
Updated At:28 Apr, 2025 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)
Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Apereo
Product
CAS
Modules
  • Groovy Code Handler
Versions
Affected
  • 5.2.6
Problem Types
TypeCWE IDDescription
CWECWE-94Code Injection
CWECWE-74Injection
Type: CWE
CWE ID: CWE-94
Description: Code Injection
Type: CWE
CWE ID: CWE-74
Description: Injection
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.15.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
3.05.0MEDIUM
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2.04.6N/A
AV:N/AC:H/Au:S/C:P/I:P/A:P
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 4.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
caichaoxiong (VulDB User)
Timeline
EventDate
Advisory disclosed2025-04-26 00:00:00
VulDB entry created2025-04-26 02:00:00
VulDB entry last update2025-04-26 10:12:13
Event: Advisory disclosed
Date: 2025-04-26 00:00:00
Event: VulDB entry created
Date: 2025-04-26 02:00:00
Event: VulDB entry last update
Date: 2025-04-26 10:12:13
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.306320
vdb-entry
technical-description
https://vuldb.com/?ctiid.306320
signature
permissions-required
https://vuldb.com/?submit.557100
third-party-advisory
https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij
exploit
Hyperlink: https://vuldb.com/?id.306320
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.306320
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.557100
Resource:
third-party-advisory
Hyperlink: https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Apr, 2025 | 20:15
Updated At:29 Apr, 2025 | 13:52

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.3LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.04.6MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-74Primarycna@vuldb.com
CWE-94Primarycna@vuldb.com
CWE ID: CWE-74
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-94
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://vuldb.com/?ctiid.306320cna@vuldb.com
N/A
https://vuldb.com/?id.306320cna@vuldb.com
N/A
https://vuldb.com/?submit.557100cna@vuldb.com
N/A
https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dijcna@vuldb.com
N/A
Hyperlink: https://vuldb.com/?ctiid.306320
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.306320
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.557100
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2016-5424
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-1.61% / 81.02%
||
7 Day CHG~0.00%
Published-09 Dec, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupDebian GNU/Linux
Product-debian_linuxpostgresqln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-38745
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 20:39
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.

Action-Not Available
Vendor-chamilon/a
Product-chamilon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.31% / 78.94%
||
7 Day CHG~0.00%
Published-17 Oct, 2007 | 19:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.

Action-Not Available
Vendor-sitebarn/a
Product-sitebarn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3630
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-4.6||MEDIUM
EPSS-63.95% / 98.35%
||
7 Day CHG~0.00%
Published-01 Nov, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-12.33% / 93.62%
||
7 Day CHG~0.00%
Published-26 Apr, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0204
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.48% / 64.36%
||
7 Day CHG~0.00%
Published-04 Jun, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloud_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7578
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-1.53% / 80.56%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 06:02
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Teledyne
Product-FLIR FB-Series OFLIR FH-Series ID
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-17558
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-94.47% / 100.00%
||
7 Day CHG+0.02%
Published-30 Dec, 2019 | 16:36
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

Action-Not Available
Vendor-n/aOracle CorporationThe Apache Software Foundation
Product-solrprimavera_unifierApache SolrSolr
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Details not found