← Back to CVEs
CVE-2025-57644
CRITICAL9.1
Description
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.
CVE Details
CVSS v3.1 Score9.1
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published9/19/2025
Last Modified10/17/2025
Sourcenvd
Honeypot Sightings0
Affected Products
accela:automation_platform
Weaknesses (CWE)
CWE-20CWE-22CWE-94CWE-918
References
https://medium.com/@anvarkh/cve-2025-57644-remote-code-execution-ssrf-in-accela-eedc6bc4adfb(cve@mitre.org)
https://www.accela.com(cve@mitre.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.