CVE-2025-5679 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 SysToolsController.java parseStrByFreeMarker str deserialization (ICAQWG)

Inserito da Angelo Barbosa | Giu 4, 2025 | CVE

A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization.

This vulnerability is traded as CVE-2025-5679. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-5679 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 SysToolsController.java parseStrByFreeMarker str deserialization (ICAQWG)

Post correlati

CVE-2024-33439 | Kasda LinkSmart Router KW5515 up to 1.7 CGI os command injection

CVE-2024-3740 | cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/reload exec nginxExe deserialization

CVE-2024-31492 | Fortinet FortiClientMac up to 7.0.10/7.2.3 Configuration File /tmp file inclusion (FG-IR-23-345)

CVE-2024-10521 | Cimatti Contact Forms Plugin up to 1.9.2 on WordPress process_bulk_action cross-site request forgery