CVE-2025-12140 – RCE in Wirtualna Uczelnia

CVE ID : CVE-2025-12140

Published : Nov. 27, 2025, 2:01 p.m. | 22 minutes ago

Description : The application contains an insecure ‘redirectToUrl’ mechanism that incorrectly processes the value of the ‘redirectUrlParameter’ parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution.
This issue was fixed in version wu#2016.1.5513#0#20251014_113353

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-3261 – Stored Cross-Site Scripting (XSS) in ThingsBoard

CVE-2025-12421 – Account Takeover via Code Exchange Endpoint

CVE-2025-12559 – Information Disclosure in Common Teams API

CVE-2025-12419 – Account takeover on OAuth/OpenID-enabled servers