CVE-2025-57644 — CRITICAL (9.1)

Vulnerability Description

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Accela	Automation Platform	22.2.3.0.230103

Related Weaknesses (CWE)

CWE-20 CWE-22 CWE-918 CWE-94

References

https://medium.com/@anvarkh/cve-2025-57644-remote-code-execution-ssrf-in-accela-MitigationThird Party Advisory
https://www.accela.comProduct

FAQ

What is CVE-2025-57644?

CVE-2025-57644 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting i...

How severe is CVE-2025-57644?

CVE-2025-57644 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-57644?

Check the references section above for vendor advisories and patch information. Affected products include: Accela Automation Platform.