CVE-2025-57644

CVSS 9.1 CRITICALEPSS 0.7%CWE-20 CWE-22 CWE-918 CWE-94

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.1EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Sep 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://medium.com/@anvarkh/cve-2025-57644-remote-code-execution-ssrf-in-accela-eedc6bc4adfb https://www.accela.com