CVE-2025-47292

Cap Collectif <commit 812f2a7d271b76deab1175bdaf2be0b8102dd198 - RCE

Title source: llm

Description

Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.

References (2)

[Patch] https://github.com/cap-collectif/cap-collectif/commit/812f2a7d271b76deab1175bdaf2be0b8102dd198

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/cap-collectif/cap-collectif/security/advisories/GHSA-hf7r-rjh4-5fc8

Scores

EPSS 0.0488

EPSS Percentile 89.4%

Classification

CWE

CWE-502

Status draft

Timeline

Published May 14, 2025

Tracked Since Feb 18, 2026