CNNVD-202507-1536 Information
CNNVD ID
CNNVD-202507-1536
Related CVE
- CNNVD Published: 2025-07-10
Description (Chinese)
ProcessMaker是美国ProcessMaker公司的一个Php编写的用于商业进程管理(BPM)和工作流管理的建站系统。 ProcessMaker 3.5.4之前版本存在安全漏洞,该漏洞源于插件上传处理不当,可能导致远程代码执行。
Description (English)
ProcessMaker is a construction site system for business process management (BPM) and workflow management developed by Php of ProcessMaker, United States. Pre-ProcessMaker 3.5.4 has a security loophole, which stems from the inappropriate uploading of the plugin, which could lead to remote code implementation.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
ProcessMaker
Published
2025-07-10
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://wiki.processmaker.net/3.0/Plugin_Development https://www.exploit-db.com/exploits/44399 https://vulncheck.com/advisories/process-maker-authenticated-plugin-upload-rce https://process-maker-authenticated-plugin-upload-rce https://www.fortiguard.com/encyclopedia/ips/45757 https://nvd.nist.gov/vuln/detail/CVE-2025-34097 https://access.redhat.com/security/cve/cve-2025-34097
Patch
https://wiki.processmaker.net/3.0/Plugin_Development
Share on: