← Retour aux CVEs
CVE-2025-57644
CRITICAL9.1
Description
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.
Details CVE
Score CVSS v3.19.1
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie9/19/2025
Derniere modification10/17/2025
Sourcenvd
Observations honeypot0
Produits affectes
accela:automation_platform
Faiblesses (CWE)
CWE-20CWE-22CWE-94CWE-918
References
https://medium.com/@anvarkh/cve-2025-57644-remote-code-execution-ssrf-in-accela-eedc6bc4adfb(cve@mitre.org)
https://www.accela.com(cve@mitre.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.