CVE-2025-57644

CVSS 9.1 CRITICALEPSS 0.7%CWE-20 CWE-22 CWE-918 CWE-94

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.1EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 set 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://medium.com/@anvarkh/cve-2025-57644-remote-code-execution-ssrf-in-accela-eedc6bc4adfb https://www.accela.com