CVE-2025-40592 Information
Description
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions), Mendix Studio Pro 8 (All versions < V8.18.35), and Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Reference
https://cert-portal.siemens.com/productcert/html/ssa-627195.html
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM
Related CNNVD
CNNVD-202506-1647 (Published: 2025-06-12)
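
The zip path traversal named in the Description can be checked for before an archive is unpacked. The Python below is an added example, not code from Siemens, Mendix or the referenced advisory: it lists every entry whose stored name would resolve outside the destination directory. The function names, the destination path `/work/project` and the sample archive are constructed for illustration, and the check treats the module as a generic zip archive.

```python
import io
import ntpath
import posixpath
import zipfile


def unsafe_entries(archive, dest="/work/project"):
    """Return (entry name, reason) for entries that would be written outside dest."""
    root = posixpath.normpath(dest)
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            raw = info.orig_filename        # name exactly as stored in the archive
            name = raw.replace("\\", "/")   # a Windows extractor treats "\" as a separator
            # Leading slash or a drive/UNC prefix ignores the destination entirely.
            if name.startswith("/") or ntpath.splitdrive(raw)[0]:
                findings.append((raw, "absolute path"))
                continue
            # Resolve ".." segments lexically and require the result to stay under root.
            target = posixpath.normpath(posixpath.join(root, name))
            if target != root and not target.startswith(root + "/"):
                findings.append((raw, "escapes destination"))
    return findings


def build_sample():
    """Constructed test archive: two benign entries and three that leave the project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("module/model.xml",
                     "module/../module/readme.txt",
                     "../../outside.txt",
                     "/tmp/absolute.txt",
                     "..\\..\\outside-win.txt"):
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, reason in unsafe_entries(build_sample()):
        print(f"REJECT {entry!r}: {reason}")
```

An installer applying this kind of check would refuse the whole archive when the returned list is non-empty, instead of skipping individual entries.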