CVE-2025-43948 Information

Description

Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier (such as for sorting) which will get executed on the server side.

Reference

https://de.linkedin.com/company/codemers https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43948