CVE-2026-6125

MEDIUM

Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

Title source: cna

Description

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/356989

[Signature, Permissions Required] https://vuldb.com/vuln/356989/cti

[Third Party Advisory] https://vuldb.com/submit/793322

[Exploit] https://gitee.com/dromara/warm-flow/issues/IHURVQ

[Product] https://gitee.com/dromara/warm-flow/

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-94

Status published

Products (6)

Dromara/warm-flow 1.8.0

Dromara/warm-flow 1.8.1

Dromara/warm-flow 1.8.2

Dromara/warm-flow 1.8.3

Dromara/warm-flow 1.8.4

org.dromara.warm/warm-flow-plugin-modes-sb 0 - 1.8.5Maven

Published Apr 12, 2026

Tracked Since Apr 12, 2026