PT-2025-48268 · Unknown · Wirtualna Uczelnia
Marcin Ressel · Published 2025-11-27 · Updated 2025-11-27
CVE-2025-12140
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Wirtualna Uczelnia versions prior to wu#2016.1.5513#0#20251014 113353
Description
The application has an insecure 'redirectToUrl' mechanism that incorrectly processes the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, potentially allowing an unauthenticated attacker to execute arbitrary code. The vulnerable component is the processing of the redirectUrlParameter parameter within the 'redirectToUrl' mechanism.
Recommendations
Update Wirtualna Uczelnia to version wu#2016.1.5513#0#20251014 113353 or later.
Fix
RCE
Eval Injection
Weakness Enumeration
Related Identifiers
Affected Products
Wirtualna Uczelnia