CVE-2025-64408 | Apache Causeway up to 3.4.0/4.0.0-M1 URL Parameter deserialization

Inserito da Angelo Barbosa | Nov 19, 2025 | CVE

A vulnerability categorized as critical has been discovered in Apache Causeway up to 3.4.0/4.0.0-M1. This affects an unknown part of the component URL Parameter Handler. The manipulation results in deserialization.

This vulnerability was named CVE-2025-64408. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2025-64408 | Apache Causeway up to 3.4.0/4.0.0-M1 URL Parameter deserialization

Post correlati

CVE-2023-35907 | IBM Aspera Faspex up to 5.0.10 User Account weak password

CVE-2025-1187 | code-projects Police FIR Record Management System 1.0 Delete Record stack-based overflow

CVE-2024-36408 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 Alerts Controller sql injection (GHSA-2g8f-gjrr-x5cg)

CVE-2025-26367 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization