CNNVD-202510-2624 Information

CNNVD ID

CNNVD-202510-2624

Related CVE

CVE-2025-57738

• CNNVD Published: 2025-10-20

Description (Chinese)

Apache Syncope是美国阿帕奇（Apache）基金会的一套用于企业环境中的开源数字身份管理系统。该系统支持身份管理、角色配置等。 Apache Syncope 3.0.14版本和4.0.2版本存在安全漏洞，该漏洞源于恶意管理员可注入Groovy代码，可能导致远程代码执行。

Description (English)

Apache Syncope is an open-source digital identity management system for the business environment of the Apache Foundation in the United States. The system supports identity management, role allocation, etc. There is a security loophole in Appache Syncope, version 3.0.14 and 4.0.2, which stems from the fact that malicious administrators can inject Groovy code, which may lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-20

Last Modified

2026-02-24

References

https://lists.apache.org/thread/x7cv6xv7z76y49grdr1hgj1pzw5zbby6

Patch

https://lists.apache.org/thread/x7cv6xv7z76y49grdr1hgj1pzw5zbby6