PT-2025-17428 · Formulatrix · Formulatrix Rock Maker Web

Nicholas Page · Published 2025-04-21 · Updated 2025-04-28 · CVE-2025-0632

CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Formulatrix Rock Maker Web versions 3.2.1.1 and later

Description: A Local File Inclusion (LFI) vulnerability in the Render function of Formulatrix Rock Maker Web allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could use it to execute malicious scripts that automatically download configuration files from known locations and exfiltrate their contents, including credentials. Because the endpoint is not rate limited, a malicious actor can also enumerate the filesystem of the host machine, potentially leading to full host compromise.

Recommendations: For versions 3.2.1.1 and later, update to a version that includes a fix for this issue; no specific workaround is provided for these versions. At the time of writing, no newer version containing a fix for this vulnerability is known.
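As an added illustration that is not part of this advisory or the vendor's code: a log-triage script that flags the two behaviours the description names, traversal sequences (plain, URL-encoded and double-encoded) sent to the render endpoint, and per-client request bursts consistent with filesystem enumeration on an unthrottled endpoint. The /Render path, the file parameter, the thresholds and the log lines are constructed assumptions, not details taken from the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (not from the advisory). The "/Render"
# path and "file" parameter are assumptions about the vulnerable endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Apr/2025:10:00:01 +0000] "GET /Render?file=report.html HTTP/1.1" 200 512
10.0.0.9 - - [21/Apr/2025:10:00:02 +0000] "GET /Render?file=..%2F..%2Fapp%2Fappsettings.json HTTP/1.1" 200 1024
10.0.0.9 - - [21/Apr/2025:10:00:02 +0000] "GET /Render?file=../../../windows/win.ini HTTP/1.1" 200 92
10.0.0.9 - - [21/Apr/2025:10:00:03 +0000] "GET /Render?file=....//....//web.config HTTP/1.1" 404 0
10.0.0.9 - - [21/Apr/2025:10:00:03 +0000] "GET /Render?file=..%252f..%252fapp.config HTTP/1.1" 404 0
10.0.0.5 - - [21/Apr/2025:10:00:04 +0000] "GET /Render?file=chart.html HTTP/1.1" 200 300
"""

# Common log format: client ip, ident, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Dot-dot-slash in either slash style; matched after decoding so encoded forms count too
TRAVERSAL_RE = re.compile(r'\.\.(?:/|\\)')


def decode_fully(s, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252f) are exposed."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def analyze(log_text, endpoint="/Render", burst_threshold=3):
    """Return (traversal_hits, bursty_clients) for requests to the render endpoint.

    traversal_hits: list of (ip, decoded_target, status) containing a traversal sequence.
    bursty_clients: ips whose request count to the endpoint reaches burst_threshold,
                    the enumeration signal an unthrottled endpoint cannot stop by itself.
    """
    traversal_hits = []
    per_client = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("target").startswith(endpoint):
            continue
        per_client[m.group("ip")] += 1
        decoded = decode_fully(m.group("target"))
        if TRAVERSAL_RE.search(decoded):
            traversal_hits.append((m.group("ip"), decoded, m.group("status")))
    bursty = {ip for ip, n in per_client.items() if n >= burst_threshold}
    return traversal_hits, bursty
```

Note that 404 responses are reported as well: a traversal probe that misses is still evidence of enumeration, and a series of them from one client is the pattern worth alerting on.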

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2025-0632

Affected Products: Formulatrix Rock Maker Web