
Description

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.

PUBLISHED Reserved 2025-04-22 | Published 2025-06-03 | Updated 2025-08-26 | Assigner mitre




CRITICAL: 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-862 Missing Authorization

Product status

Default status: unknown

2.0.1 (custom): affected

References

gitee.com/jehc/JEHC-BPM

gist.github.com/Cafe-Tea/bc14b38f4bfd951de2979a24c3358460

web.archive.org/...c14b38f4bfd951de2979a24c3358460/revisions

cve.org (CVE-2025-45854)

nvd.nist.gov (CVE-2025-45854)
