CVE-2025-3600 | THREATINT

Description

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.

PUBLISHED Reserved 2025-04-14 | Published 2025-05-14 | Updated 2025-08-27 | Assigner ProgressSoftware

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Product status

Default status

unaffected

2011.2.712 (custom) before 2025.1.416

affected

Credits

Piotr Bazydlo (@chudyPB) of watchTowr finder

References

www.telerik.com/...-security-unsafe-reflection-cve-2025-3600 vendor-advisory

cve.org (CVE-2025-3600)

nvd.nist.gov (CVE-2025-3600)

Download JSON