CVE-2023-25261 — CRITICAL (9.8)

Vulnerability Description

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Stimulsoft	Designer	2023.1
Stimulsoft	Viewer	2023.1.3

Related Weaknesses (CWE)

CWE-94

References

http://stimulsoft.comVendor Advisory
https://cloud-trustit.spp.at/s/Rskwb3jKXQQsJy2Broken Link
https://cves.at/posts/cve-2023-25261/writeup/Third Party Advisory
http://stimulsoft.comVendor Advisory
https://cloud-trustit.spp.at/s/Rskwb3jKXQQsJy2Broken Link
https://cves.at/posts/cve-2023-25261/writeup/Third Party Advisory

FAQ

What is CVE-2023-25261?

CVE-2023-25261 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3...

How severe is CVE-2023-25261?

CVE-2023-25261 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-25261?

Check the references section above for vendor advisories and patch information. Affected products include: Stimulsoft Designer, Stimulsoft Viewer.