Vulnerability Description
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution. This issue was fixed in version wu#2016.1.5513#0#20251014_113353.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-12140?
CVE-2025-12140 is a documented vulnerability. The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters...
How severe is CVE-2025-12140?
CVSS scoring is not yet available for CVE-2025-12140. Check NVD for updates.
Is there a patch for CVE-2025-12140?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.