Home > Vulnerability Database > CVE-2025-66214

Mend.io Vulnerability Database

CVE-2025-66214

Good to know:

Date: December 9, 2025

Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable content. The system deserializes these XML files, enabling attackers to achieve Remote Code Execution (RCE) by submitting carefully crafted XML payloads and thereby gain access to the target server. This issue is fixed in version 3.0-20251107.114628.

Severity Score

8.8

Related Resources (3)

Url: https://github.com/wearefrank/ladybug/security/advisories/GHSA-f9fh-r3cv-398f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66214

Url: https://www.mend.io/vulnerability-database/CVE-2025-66214

Severity Score

8.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66214

Good to know:

Date: December 9, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?