Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-54466

Good to know:

icon

Date: August 15, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin before 24.09.02

Severity Score

Related Resources (9)

http://www.openwall.com/lists/oss-security/2025/08/05/1
https://seclists.org/oss-sec/2025/q3/76
https://ofbiz.apache.org/download.html
https://nvd.nist.gov/vuln/detail/CVE-2025-54466
https://lists.apache.org/thread/14d0yd9co9gx2mctd3vyz1cc8d39n915
https://ofbiz.apache.org/release-notes-24.09.02.html
https://issues.apache.org/jira/browse/OFBIZ-13276
https://ofbiz.apache.org/security.html
https://www.mend.io/vulnerability-database/CVE-2025-54466

Severity Score

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/apache/ofbiz-plugins.git - release24.09.02

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us