CVE-2025-67031

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

15/05/2026

Last modified:

15/05/2026

Description

ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval() call inside tagsets/participant.php and tagsets/options.php.

Impact

References to Advisories, Solutions, and Tools

https://github.com/orsee/orsee/archive/refs/tags/orsee_3.1.0.zip
https://medium.com/@erabhishekshroti/cve-2025-67031-remote-code-execution-in-orsee-3-1-0-2bfc71d6d5eb