Vulnerability Description
Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.
Related Weaknesses (CWE)
References
- https://github.com/cap-collectif/cap-collectif/commit/812f2a7d271b76deab1175bdaf
- https://github.com/cap-collectif/cap-collectif/security/advisories/GHSA-hf7r-rjh
FAQ
What is CVE-2025-47292?
CVE-2025-47292 is a documented vulnerability. Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor...
How severe is CVE-2025-47292?
CVSS scoring is not yet available for CVE-2025-47292. Check NVD for updates.
Is there a patch for CVE-2025-47292?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.