CVE-2025-60237

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Themeton Finag versions through 1.5.0

Description An issue exists in Themeton Finag where deserialization of untrusted data can lead to object injection. This allows for potential exploitation through the deserialization process.

Recommendations Update Finag to a version newer than 1.5.0.

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2025-60237

Affected Products

Themeton Finag

CVE-2025-60237

Weakness Enumeration

Related Identifiers

Affected Products

References · 7