Description

The Maplet framework in Maple versions up to and including 13 allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

PUBLISHED Reserved 2025-08-20 | Published 2025-08-21 | Updated 2025-08-22 | Assigner VulnCheck




HIGH: 8.4 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status: unaffected

*: affected

Credits

scriptjunkie (finder)

References

www.maplesoft.com/products/maple/ product

www.exploit-db.com/exploits/16308 exploit

raw.githubusercontent.com/...ulti/fileformat/maple_maplet.rb exploit

www.juniper.net/...tail.HTTP:MISC:MAPLE-MAPLET-CMD-EXEC.html third-party-advisory

www.vulncheck.com/...-maplet-file-creation-command-execution third-party-advisory

cve.org (CVE-2010-20120)

nvd.nist.gov (CVE-2010-20120)
