PT-2025-18015 · Apereo · Apereo Cas

Author: Caichaoxiong
Published: 2025-04-27
Updated: 2026-01-08
CVE: CVE-2025-3984
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apereo CAS version 5.2.6

Description: A critical issue was found in the saveService function of the RegisteredServiceSimpleFormController.java file in the Groovy Code Handler component. The flaw leads to code injection and can be exploited remotely, although the attack complexity is considered high and exploitation is known to be difficult. The exploit has been publicly disclosed.

Recommendations: For Apereo CAS version 5.2.6, as a temporary workaround, consider disabling the saveService function until a patch is available, and restrict access to the Groovy Code Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: publicly disclosed

Weakness Enumeration:
Special Elements Injection
Code Injection

Related Identifiers:
CVE-2025-3984
GHSA-37PQ-893F-G7Q5

Affected Products:
Apereo Cas