Description
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
References (1)
Scores
CVSS v4: 10.0
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.0221
EPSS Percentile: 84.5%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-917
Status: published
Products (1): B. Braun Melsungen AG/OnlineSuite 3.0
Published: Jun 06, 2025
Tracked Since: Feb 18, 2026