CNNVD-202601-2272 Information

Jan 13, 2026 cve

CNNVD ID

CNNVD-202601-2272

CVE-2025-12548

CNNVD Published: 2026-01-13

Description (Chinese)

Eclipse Che是Eclipse基金会的一套基于Java的开源在线集成开发环境（IDE）。 Eclipse Che che-machine-exec存在访问控制错误漏洞，该漏洞源于未经身份验证的远程攻击者可通过JSON-RPC/websocket API执行任意命令并窃取秘密，可能导致远程命令执行和秘密泄露。

Description (English)

Eclipse Che is an open-source online development environment (IDE) based on Java for the Eclipse Foundation. Eclipse Che che-machine-exec has an access control error that stems from the fact that unidentified long-range assailants can carry out arbitrary orders and steal secrets through JSON-RPC/websocket API, which may lead to remote order enforcement and secret disclosure.

Hazard Level

Low

Vulnerability Type

访问控制错误

Affected Vendor

Eclipse

Published

2026-01-13

Last Modified

2026-02-24

References

https://access.redhat.com/errata/RHSA-2025:22620 https://access.redhat.com/errata/RHSA-2025:22623 https://access.redhat.com/errata/RHSA-2025:22652 https://access.redhat.com/security/cve/CVE-2025-12548 https://bugzilla.redhat.com/show_bug.cgi?id=2408850

Share on: