CVE-2025-5680 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 Groovy Script SysScriptController.java executeScript script deserialization (ICAPT5)

Inserito da Angelo Barbosa | Giu 4, 2025 | CVE

A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization.

This vulnerability is known as CVE-2025-5680. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-5680 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 Groovy Script SysScriptController.java executeScript script deserialization (ICAPT5)

Post correlati

CVE-2023-35867 | Bosch BVMS API Answer unknown vulnerability

CVE-2024-6656 | TNB Mobile Solutions Cockpit Software up to 2.12 hard-coded credentials

CVE-2024-27120 | Celsius Benelux ComfortKey up to 24.1.1 file inclusion

CVE-2024-7788 | Document Foundation LibreOffice up to 24.2.4 Zip Repair Mode signature verification