CVE-2023-25054

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 29, 2023
Updated: Jan 4, 2024
CWE ID 94

Summary

CVE-2023-25054 is a Code Injection vulnerability affecting RSVPMaker from versions n/a through 10.6.6. The issue arises due to improper controls during code generation, which may allow an attacker to inject malicious code into the application. This vulnerability poses a significant risk to systems running the affected version of RSVPMaker, potentially leading to unauthorized access or system compromise. Users are strongly encouraged to update to a secure version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share