CVE-2023-25261

CRITICAL

Stimulsoft Designer and Viewer - Remote Code Execution via Report Variable Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-25261. PoCs published by trustcves.

AI-analyzed exploit summary This writeup details CVE-2023-25261, an RCE vulnerability in Stimulsoft Designer and Viewer due to unrestricted C# code execution in .mrt report files. The document includes technical analysis, vendor communication timeline, and mitigation details but does not contain exploit code.

Description

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.

Exploits (1)

nomisec WRITEUP

by trustcves · poc

https://github.com/trustcves/CVE-2023-25261

View Code ZIP pw:eip

This writeup details CVE-2023-25261, an RCE vulnerability in Stimulsoft Designer and Viewer due to unrestricted C# code execution in .mrt report files. The document includes technical analysis, vendor communication timeline, and mitigation details but does not contain exploit code.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Stimulsoft Designer (Desktop/Web) and Viewer (Web) versions 2023.1.x

No auth needed

Prerequisites: Access to upload or serve a malicious .mrt file to the target system

MITRE ATT&CK

T1195.001 - Compromise Software Dependencies and Development Tools

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory

http://stimulsoft.com

Broken Link

https://cloud-trustit.spp.at/s/Rskwb3jKXQQsJy2

Third Party Advisory

https://cves.at/posts/cve-2023-25261/writeup/

Scores

CVSS v3 9.8

EPSS 0.0234

EPSS Percentile 81.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (5)

stimulsoft/designer 2023.1

stimulsoft/designer 2023.1.3

stimulsoft/designer 2023.1.4

stimulsoft/viewer 2023.1.3

stimulsoft/viewer 2023.1.4

Published Mar 27, 2023

Tracked Since Feb 18, 2026