CVE-2025-45854 PUBLISHED

Assigner: mitre
Reserved: 22.04.2025 Published: 03.06.2025 Updated: 04.06.2025

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Product Status

Vendor JEHc
Product JEHC-BPM
Versions Default: unknown
  • Version 2.0.1 is affected

References

Problem Types

  • CWE-862 Missing Authorization CWE