PT-2025-26595 · Brain2 · Brain2

Published: 2025-06-23 · Updated: 2025-06-28 · CVE-2025-6512

CVSS v3.1: 10.0 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: BRAIN2 versions 0.0 through 3.05
Description: A non-admin user can embed a script in a report from the client. When that report is later executed on the BRAIN2 server, it runs with administrator rights, so the embedded script gives the non-admin author code execution with those privileges (code injection). The underlying weakness is improper control of generation of code (CWE-94).
Recommendations: For BRAIN2 versions 0.0 through 3.05, update to a version later than 3.05 to resolve the issue. As a temporary workaround, restrict the execution of reports on the BRAIN2 server, in particular of reports authored by non-admin users, to minimize the risk of exploitation.
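The pattern behind this advisory, shown as an added example that is not BRAIN2's code and does not use BRAIN2's report syntax: a toy renderer with a hypothetical `{{field:NAME}}` placeholder and a `{{script}}...{{/script}}` block, a vulnerable `render_vulnerable` that executes the author's script server-side, and a hardened `render_hardened` that refuses script blocks and only substitutes declared fields. The sample data, including the `db_password` entry, is constructed for the illustration.

```python
"""Toy report renderer illustrating the CWE-94 pattern in this advisory.

Hypothetical format (assumption, not BRAIN2's): '{{field:NAME}}' substitutes a
value from the server-side data set; '{{script}}...{{/script}}' embeds code
the author wrote on the client.
"""
import re
from dataclasses import dataclass

SCRIPT_RE = re.compile(r"\{\{script\}\}(.*?)\{\{/script\}\}", re.S)
FIELD_RE = re.compile(r"\{\{field:([A-Za-z_][A-Za-z0-9_]*)\}\}")

# Constructed sample of what the server-side renderer has in scope: the
# report data plus a secret the report author must never see.
SAMPLE_DATA = {"total": 42, "db_password": "hunter2"}


@dataclass
class Report:
    author_role: str  # "user" (non-admin) or "admin"; set by the client
    body: str


class ReportRejected(Exception):
    """Raised when a report contains content the server refuses to run."""


def _substitute_fields(body: str, data: dict) -> str:
    """Declarative placeholders only: no code ever runs here."""
    return FIELD_RE.sub(lambda m: str(data.get(m.group(1), "")), body)


def render_vulnerable(report: Report, data: dict) -> str:
    """Vulnerable: exec()s author-supplied script with the server's privileges.

    The report came from a non-admin client user, but the renderer runs as
    administrator on the server, so whatever the script does happens with
    those rights (read secrets, touch the file system, and so on).
    """
    def run_script(match: re.Match) -> str:
        scope = {"data": data}
        exec(match.group(1), scope)  # CWE-94: the report author controls this code
        return str(scope.get("result", ""))

    return _substitute_fields(SCRIPT_RE.sub(run_script, report.body), data)


def find_script_blocks(body: str) -> list[str]:
    """Detection helper: list embedded script blocks in a stored report."""
    return SCRIPT_RE.findall(body)


def render_hardened(report: Report, data: dict) -> str:
    """Hardened: the server never executes author-supplied code.

    Script blocks are rejected outright; author_role alone is not trusted
    because the client sets it. Only declarative field substitution remains.
    """
    if find_script_blocks(report.body):
        raise ReportRejected("script blocks are not allowed in reports")
    return _substitute_fields(report.body, data)


if __name__ == "__main__":
    evil = Report("user", "Total: {{field:total}} "
                          "{{script}}result = data['db_password']{{/script}}")
    print(render_vulnerable(evil, SAMPLE_DATA))  # the non-admin author reads the secret
    try:
        render_hardened(evil, SAMPLE_DATA)
    except ReportRejected as e:
        print("rejected:", e)
```

`find_script_blocks` doubles as a triage check: run it over reports already stored on a server that has not yet been updated to find those a non-admin user may have seeded with a script.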

Fix

Update to a version later than 3.05.

Weakness Enumeration

Code Injection (CWE-94)

Related Identifiers

BDU:2025-14623
CVE-2025-6512

Affected Products

Brain2