CVE-2025-40592
CVE-2025-40592
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.6EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
12 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
Affected products
Siemens · Mendix Studio Pro 10Siemens · Mendix Studio Pro 10.12Siemens · Mendix Studio Pro 10.18Siemens · Mendix Studio Pro 10.6Siemens · Mendix Studio Pro 11Siemens · Mendix Studio Pro 8Siemens · Mendix Studio Pro 9Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →