CVE-2023-25261

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

27/03/2023

Last modified:

19/02/2025

Description

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

9.80

Severity 3.x

CRITICAL

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:stimulsoft:designer:2023.1::::desktop:::
cpe:2.3:a:stimulsoft:designer:2023.1.3::::web:::
cpe:2.3:a:stimulsoft:designer:2023.1.4::::web:::
cpe:2.3:a:stimulsoft:viewer:2023.1.3::::web:::
cpe:2.3:a:stimulsoft:viewer:2023.1.4::::web:::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:stimulsoft:designer:2023.1::::desktop:::
cpe:2.3:a:stimulsoft:designer:2023.1.3::::web:::
cpe:2.3:a:stimulsoft:designer:2023.1.4::::web:::
cpe:2.3:a:stimulsoft:viewer:2023.1.3::::web:::
cpe:2.3:a:stimulsoft:viewer:2023.1.4::::web:::

CVE-2023-25261

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools