CVE-2025-5680
Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserialization
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserialization
A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
In Shenzhen Dashi Tongzhou Information Technology AgileBPM bis 2.5.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion executeScript der Datei /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java der Komponente Groovy Script Handler. Durch Beeinflussen des Arguments script mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-04: | Advisory disclosed |
| 2025-06-04: | VulDB entry created |
| 2025-06-04: | VulDB entry last update |
VulDB Gitee Analyzer
vuldb.com/?id.311167 (VDB-311167 | Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserialization)
vuldb.com/?ctiid.311167 (VDB-311167 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.585108 (Submit #585108 | https://www.tongzhouyun.com/ https://gitee.com/agile-bpm/agile-bpm-basic v2.8 (the latest version code submitted as of 20250526) Code Injection)
gitee.com/agile-bpm/agile-bpm-basic/issues/ICAPT5
Support options
