CVE-2025-57644

CRITICAL | CVSS 9.1/10 | EPSS 0.69%

CVE-2025-57644 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. EPSS estimates a 0.69% chance of exploitation in the next 30 days.

Description

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.69%

48.2nd percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor: Accela
Product: Automation Platform
Versions: 22.2.3.0.230103

References

Timeline

Published
Last Modified
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-57644?
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.
How severe is CVE-2025-57644?
CVE-2025-57644 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.69% probability of exploitation in the next 30 days.
How do I fix CVE-2025-57644?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST