PT-2025-11212 · Unknown+1 · Integrated Scripting+1

Chc4 · Published 2025-03-13 · Updated 2025-03-15 · CVE-2025-27107

CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions:
Integrated Scripting versions prior to 1.21.1-1.0.17
Integrated Scripting versions prior to 1.21.4-1.0.9-254
Integrated Scripting versions prior to 1.20.1-1.0.13
Integrated Scripting versions prior to 1.19.2-1.0.10

Description: The issue allows arbitrary code execution: Java reflection on a thrown exception object can be used to escape the JavaScript sandbox for IntegratedScripting's Variable Cards. This enables the construction of arbitrary Java classes and the invocation of arbitrary Java methods, including execution of arbitrary native code (for example, via java.lang.Runtime.exec), on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card.

Recommendations:
Update to version 1.21.1-1.0.17 or later to resolve the issue.
Update to version 1.21.4-1.0.9-254 or later to resolve the issue.
Update to version 1.20.1-1.0.13 or later to resolve the issue.
Update to version 1.19.2-1.0.10 or later to resolve the issue.

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2025-27107
GHSA-2V5X-4823-HQ77

Affected Products

Integrated Scripting
Minecraft