CVE-2025-47292

Severity CVSS v4.0:
CRITICAL
Type:
CWE-502 Deserialization of Untrusted Dat
Publication date:
14/05/2025
Last modified:
16/05/2025

Description

Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.