PT-2024-16023 · Telerik · Telerik Ui For Wpf
Published
2024-12-16
·
Updated
2025-05-11
·
CVE-2024-10095
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213)
Description
A code execution attack is possible through an insecure deserialization vulnerability. This issue affects Telerik UI for WPF and can be exploited, allowing for code execution.
Recommendations
For versions prior to 2024 Q4 (2024.4.1213), update to the latest version to mitigate the risk of code execution attacks through insecure deserialization vulnerabilities.
As a temporary workaround, consider restricting the use of deserialization functions until a patch is available.
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Telerik Ui For Wpf