CVE-2025-5680 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 Groovy Script SysScriptController.java executeScript script deserialization (ICAPT5)

Inserito da Angelo Barbosa | Giu 4, 2025 | CVE

A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization.

This vulnerability is known as CVE-2025-5680. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-5680 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 Groovy Script SysScriptController.java executeScript script deserialization (ICAPT5)

Post correlati

CVE-2024-32465 | Git path traversal

CVE-2024-27282 | Ruby up to 3.0.6/3.1.4/3.2.3/3.3.0 Regex Search heap-based overflow

CVE-2024-6110 | itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0 controller.php image unrestricted upload

CVE-2023-50342 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 resource injection (KB0109608)