CNNVD-202506-1647 Information
CNNVD ID
CNNVD-202506-1647
Related CVE
- CNNVD Published: 2025-06-12
Description (Chinese)
Mendix Studio Pro是美国Mendix公司的一个可视化模型驱动的IDE。 Mendix Studio Pro存在路径遍历漏洞,该漏洞源于模块安装过程中的zip路径遍历,可能导致任意文件写入或修改。以下版本受到影响:V10.23.0之前版本、10.12 V10.12.17之前版本、10.18 V10.18.7之前版本、10.6 V10.6.24之前版本、11所有版本、8 V8.18.35之前版本和9 V9.24.35之前版本。
Description (English)
Mendix Studio Pro is an IDE driven by a visual model of Mendix in the United States. Mendix Studio Pro has a loophole in the path, which stems from the zip path of the module installation, which may lead to the writing or modification of any document. The following versions were affected: V10.23.0, V10.12.17, V10.18.7, V10.6.24, all 11, V8.18.35 and V9.24.35.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Mendix
Published
2025-06-12
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-627195.html https://access.redhat.com/security/cve/cve-2025-40592 https://nvd.nist.gov/vuln/detail/CVE-2025-40592
Patch
https://marketplace.mendix.com/link/studiopro
Share on: