CVE-2010-20120

HIGH

Maple <13 - Command Injection

Title source: llm

Description

The Maplet framework in Maple versions up to and including 13 allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses the standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/16308

metasploit · WORKING POC · EXCELLENT
by scriptjunkie · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/maple_maplet.rb

Scores

CVSS v4 8.4
EPSS 0.0640
EPSS Percentile 91.1%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
Maplesoft/Maple < 13
Published Aug 21, 2025
Tracked Since Feb 18, 2026