VulnerAlert



JAVA
12-12-2025 16:16

CVE-2025-66214 Documented vulnerability

No score
Description
Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable content. The system deserializes these files, enabling attackers to achieve Remote Code Execution (RCE) by submitting carefully crafted payloads and thereby gain access to the target server. This issue is fixed in version 3.0-20251107.114628.
https://github.com/wearefrank/ladybug/security/advisories/GHSA-f9fh-r3cv-398f

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-66214
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023