Apache · Apache Causeway · CVE-2025-64408
**Name of the Vulnerable Software and Affected Versions**
Apache Causeway (affected versions not specified)
**Description**
Apache Causeway is vulnerable to Java deserialization flaws that can lead to remote code execution (RCE). The flaws are reachable through user-controllable URL parameters, and an authenticated attacker can exploit them to execute arbitrary code with the application's privileges. All applications that use Causeway's ViewModel functionality are affected.
**Recommendations**
Upgrade to version 3.5.0 to resolve the issue.