PT-2025-50222 · Ladybug · Ladybug

R1Ckyz · Published 2025-12-09 · Updated 2025-12-17 · CVE-2025-66214

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Ladybug versions prior to 3.0-20251107.114628
Description: Ladybug is a tool that adds message-based debugging and unit, system and regression testing to Java applications. It exposes the API endpoints /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which accept uploads of gzip-compressed XML files whose content is attacker-controlled. The server deserializes the uploaded XML, so an authenticated user (the vector requires low privileges, PR:L) who submits a specially crafted XML payload can achieve remote code execution (RCE) on the target server. The vulnerable parameter is the content of the uploaded XML file.
Recommendations: Update to version 3.0-20251107.114628 or later.
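As a triage aid for this advisory, added here and not part of the advisory or of the Ladybug project: a Python helper that (a) decides whether a Ladybug build string predates the first fixed build named above and (b) pulls write requests to the two affected endpoints out of web-server access-log lines. Assumptions not stated on this page: build strings follow the shape "<major>.<minor>-YYYYMMDD.HHMMSS" seen in the fixed version, the logs are in the common "combined" format, and uploads arrive as POST or PUT; the log lines embedded in the block are constructed samples, not real traffic.

```python
"""Triage helpers for CVE-2025-66214 (Ladybug, unsafe XML deserialization).

Added example, not Ladybug project code. Assumptions (not from the advisory):
- build strings look like "3.0-20251107.114628" (major.minor-YYYYMMDD.HHMMSS);
- access logs are in Apache/nginx "combined" format;
- uploads to the affected endpoints use POST or PUT.
"""
import re
from datetime import datetime

FIXED_VERSION = "3.0-20251107.114628"  # first fixed build per the advisory

# Endpoints named in the advisory; {storage} is a path parameter.
AFFECTED_PATHS = (
    re.compile(r"^/iaf/ladybug/api/report/upload(?:[/?]|$)"),
    re.compile(r"^/iaf/ladybug/api/report/[^/?]+(?:[/?]|$)"),
)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d{8})\.(\d{6})$")

# Combined-format access log: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_version(version):
    """Split '3.0-20251107.114628' into (major, minor, build timestamp).

    Raises ValueError for strings that do not follow the assumed shape, so a
    caller never silently treats an unknown build as safe.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Ladybug version string: {version!r}")
    major, minor, date, time = m.groups()
    stamp = datetime.strptime(date + time, "%Y%m%d%H%M%S")
    return (int(major), int(minor), stamp)


def is_affected(version, fixed=FIXED_VERSION):
    """True if `version` is prior to the first fixed build."""
    return parse_version(version) < parse_version(fixed)


def find_upload_requests(log_lines):
    """Return (ip, user, method, path, status) for writes to the affected endpoints.

    Only POST/PUT are kept: a GET to /report/{storage} is an ordinary report
    read, while a write carries the attacker-controlled gzip XML body.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT"):
            continue
        if any(p.match(m["path"]) for p in AFFECTED_PATHS):
            hits.append((m["ip"], m["user"], m["method"], m["path"], int(m["status"])))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - alice [09/Dec/2025:10:15:02 +0000] "GET /iaf/ladybug/api/report/Debug HTTP/1.1" 200 4123',
    '10.0.0.9 - bob [09/Dec/2025:10:16:44 +0000] "POST /iaf/ladybug/api/report/upload HTTP/1.1" 200 37',
    '10.0.0.9 - bob [09/Dec/2025:10:17:01 +0000] "POST /iaf/ladybug/api/report/Debug HTTP/1.1" 500 0',
    '10.0.0.7 - - [09/Dec/2025:10:18:30 +0000] "POST /iaf/ladybug/api/testtool HTTP/1.1" 200 12',
]


if __name__ == "__main__":
    for v in ("3.0-20251001.090000", FIXED_VERSION, "3.0-20251117.120000"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for hit in find_upload_requests(SAMPLE_LOG):
        print("upload to affected endpoint:", hit)
```

The version check compares (major, minor, build timestamp) as a tuple, so any 2.x build and any 3.0 build stamped before 2025-11-07 11:46:28 is reported as affected, matching "prior to 3.0-20251107.114628"; the log filter only narrows candidates, since a legitimate report upload and a malicious one look identical in an access log and the uploaded body itself has to be examined.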

Tags: Exploit · Fix · RCE

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2025-66214, GHSA-F9FH-R3CV-398F

Affected Products: Ladybug