PT-2025-25283 · Mendix · Mendix Studio Pro

Published: 2025-06-12 · Updated: 2025-06-12 · CVE-2025-40592

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

- Mendix Studio Pro versions prior to 8.18.35
- Mendix Studio Pro versions prior to 9.24.35
- Mendix Studio Pro versions prior to 10.6.24
- Mendix Studio Pro versions prior to 10.12.17
- Mendix Studio Pro versions prior to 10.18.7
- Mendix Studio Pro versions prior to 10.23.0
- Mendix Studio Pro 11 (all versions)

Description

A zip path traversal vulnerability exists in the module installation process of Studio Pro. This issue allows an attacker to write or modify arbitrary files in directories outside a developer's project directory upon module installation by crafting a malicious module and distributing it via the Mendix Marketplace.

Recommendations

- For Mendix Studio Pro versions prior to 8.18.35, update to version 8.18.35 or later.
- For Mendix Studio Pro versions prior to 9.24.35, update to version 9.24.35 or later.
- For Mendix Studio Pro versions prior to 10.6.24, update to version 10.6.24 or later.
- For Mendix Studio Pro versions prior to 10.12.17, update to version 10.12.17 or later.
- For Mendix Studio Pro versions prior to 10.18.7, update to version 10.18.7 or later.
- For Mendix Studio Pro versions prior to 10.23.0, update to version 10.23.0 or later.
- For Mendix Studio Pro 11, consider disabling the module installation feature until a patch is available.
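The check a module installer needs against the zip path traversal described above, as an added example (this is not Mendix's code and not the Studio Pro installer; the archive contents and the destination name are constructed for the example): every entry name is resolved against the destination directory before extraction, and the whole archive is refused if any entry would land outside it.

```python
import io
import zipfile
from pathlib import Path, PureWindowsPath, PurePosixPath


def entry_escapes(name: str, dest) -> bool:
    """True if a zip entry name would land outside dest once resolved.

    Absolute paths, drive letters and any '..' that climbs above dest count
    as escapes, whether the archive uses '/' or '\\' separators.
    """
    root = Path(dest).resolve()
    # Parse the name under both Windows and POSIX rules so that neither
    # separator style nor a drive letter slips past the check.
    if PureWindowsPath(name).is_absolute() or PurePosixPath(name).is_absolute():
        return True
    if PureWindowsPath(name).drive:
        return True
    target = root.joinpath(*PureWindowsPath(name).parts).resolve()
    return target != root and root not in target.parents


def find_traversal_entries(zip_bytes: bytes, dest) -> list:
    """Return the names of all entries that would escape dest ([] if none)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if entry_escapes(i.filename, dest)]


def safe_extract(zip_bytes: bytes, dest) -> None:
    """Refuse the whole archive if any entry escapes; otherwise extract it.

    Python's extractall() already strips '..' and drive components silently;
    an explicit reject is preferable because a silently relocated file hides
    the fact that the module was tampered with.
    """
    bad = find_traversal_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"module archive contains traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)


def build_module(entries: dict) -> bytes:
    """Build a constructed in-memory archive for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a well-formed module and one carrying a traversal entry.
BENIGN_MODULE = build_module({"MyModule/widget.js": b"// ok"})
TAMPERED_MODULE = build_module({"MyModule/widget.js": b"// ok",
                                "../../outside-project.txt": b"escaped"})
```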

Fix

Path traversal

Weakness Enumeration

Related Identifiers: BDU:2025-06834, CVE-2025-40592

Affected Products: Mendix Studio Pro