Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

CVE-2025-5679

UNKNOWN

Published 2025-06-05T19:00:23.242Z

Actions:

CVSS Score

V3.1

6.3

/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score Metrics

Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector

Not Available

Attack Complexity

Not Available

Privileges Required

Not Available

User Interaction

Not Available

Scope

Not Available

Impact Metrics

Confidentiality

Not Available

Integrity

Not Available

Availability

Not Available

Description

A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Shenzhen Dashi Tongzhou Information Technology

AgileBPM

Affected Versions:

2.0 2.1 2.2 2.3 2.4 2.5.0

References

https://vuldb.com/?id.311166

https://vuldb.com/?ctiid.311166

https://vuldb.com/?submit.585127

https://gitee.com/agile-bpm/agile-bpm-basic/issues/ICAQWG

Published: 2025-06-05T19:00:23.242Z

Last Modified: 2025-06-05T19:00:23.242Z

Copied to clipboard!