Home

Description

The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.

PUBLISHED Reserved 2025-03-14 | Published 2025-08-27 | Updated 2025-08-27 | Assigner CERT-PL




CRITICAL: 9.0CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status
unaffected

Any version before 2024.MS4
affected

Credits

Maciej Kazulak finder

References

cert.pl/en/posts/2025/08/CVE-2025-2313/

cve.org (CVE-2025-30055)

nvd.nist.gov (CVE-2025-30055)

Download JSON