CVE-2025-54466 (GCVE-0-2025-54466)

Vulnerability from cvelistv5 – Published: 2025-08-15 14:13 – Updated: 2026-02-26 17:48
VLAI
Title
Apache OFBiz: RCE Vulnerability in scrum plugin
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.
Severity
No CVSS data available.
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache OFBiz Affected: 0 , < 24.09.02 (custom)
Create a notification for this product.
Credits
Teeramet Eakwilai <teeramet@datafarm.co.th> Thanasin Luangpipat Jarukit Auikritskul
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-54466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-19T03:55:30.718610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:32.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:12:47.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/05/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache OFBiz",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "24.09.02",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Teeramet Eakwilai \u003cteeramet@datafarm.co.th\u003e"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanasin Luangpipat"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jarukit Auikritskul"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability leading to a possible RCE in Apache OFBiz\u0026nbsp;scrum plugin.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache OFBiz: before 24.09.02 only when the\u0026nbsp;scrum plugin is used.\u003c/p\u003e\u003cp\u003eEven unauthenticated attackers can exploit this vulnerability.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 24.09.02, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability leading to a possible RCE in Apache OFBiz\u00a0scrum plugin.\n\nThis issue affects Apache OFBiz: before 24.09.02 only when the\u00a0scrum plugin is used.\n\nEven unauthenticated attackers can exploit this vulnerability.\n\n\nUsers are recommended to upgrade to version 24.09.02, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T14:13:52.584Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://ofbiz.apache.org/download.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://ofbiz.apache.org/security.html"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://ofbiz.apache.org/release-notes-24.09.02.html"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://issues.apache.org/jira/browse/OFBIZ-13276"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/14d0yd9co9gx2mctd3vyz1cc8d39n915"
        }
      ],
      "source": {
        "defect": [
          "OFBIZ-13276"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache OFBiz: RCE Vulnerability in scrum plugin",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-54466",
    "datePublished": "2025-08-15T14:13:52.584Z",
    "dateReserved": "2025-07-23T08:08:20.796Z",
    "dateUpdated": "2026-02-26T17:48:32.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-54466",
      "date": "2026-05-28",
      "epss": "0.00246",
      "percentile": "0.47959"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54466\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-08-15T15:15:32.360\",\"lastModified\":\"2025-11-04T22:16:28.177\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability leading to a possible RCE in Apache OFBiz\u00a0scrum plugin.\\n\\nThis issue affects Apache OFBiz: before 24.09.02 only when the\u00a0scrum plugin is used.\\n\\nEven unauthenticated attackers can exploit this vulnerability.\\n\\n\\nUsers are recommended to upgrade to version 24.09.02, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\u0027Inyecci\u00f3n de c\u00f3digo\u0027) que puede provocar una RCE en el complemento Scrum de Apache OFBiz. Este problema afecta a Apache OFBiz: versiones anteriores al 24.09.02 \u00fanicamente cuando se utiliza el complemento Scrum. Incluso atacantes no autenticados pueden explotar esta vulnerabilidad. Se recomienda actualizar a la versi\u00f3n 24.09.02, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.09.02\",\"matchCriteriaId\":\"F57B463E-E4F4-4AF1-9661-F139A6C41869\"}]}]}],\"references\":[{\"url\":\"https://issues.apache.org/jira/browse/OFBIZ-13276\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/14d0yd9co9gx2mctd3vyz1cc8d39n915\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://ofbiz.apache.org/download.html\",\"source\":\"security@apache.org\",\"tags\":[\"Product\"]},{\"url\":\"https://ofbiz.apache.org/release-notes-24.09.02.html\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ofbiz.apache.org/security.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/05/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/05/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:12:47.762Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54466\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-19T03:55:30.718610Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-15T19:04:42.317Z\"}}], \"cna\": {\"title\": \"Apache OFBiz: RCE Vulnerability in scrum plugin\", \"source\": {\"defect\": [\"OFBIZ-13276\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Teeramet Eakwilai \u003cteeramet@datafarm.co.th\u003e\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Thanasin Luangpipat\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jarukit Auikritskul\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache OFBiz\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"24.09.02\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://ofbiz.apache.org/download.html\", \"tags\": [\"mitigation\"]}, {\"url\": \"https://ofbiz.apache.org/security.html\", \"tags\": [\"related\"]}, {\"url\": \"https://ofbiz.apache.org/release-notes-24.09.02.html\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://issues.apache.org/jira/browse/OFBIZ-13276\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://lists.apache.org/thread/14d0yd9co9gx2mctd3vyz1cc8d39n915\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability leading to a possible RCE in Apache OFBiz\\u00a0scrum plugin.\\n\\nThis issue affects Apache OFBiz: before 24.09.02 only when the\\u00a0scrum plugin is used.\\n\\nEven unauthenticated attackers can exploit this vulnerability.\\n\\n\\nUsers are recommended to upgrade to version 24.09.02, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability leading to a possible RCE in Apache OFBiz\u0026nbsp;scrum plugin.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache OFBiz: before 24.09.02 only when the\u0026nbsp;scrum plugin is used.\u003c/p\u003e\u003cp\u003eEven unauthenticated attackers can exploit this vulnerability.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 24.09.02, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-08-15T14:13:52.584Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54466\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:48:32.591Z\", \"dateReserved\": \"2025-07-23T08:08:20.796Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-08-15T14:13:52.584Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.