CVE-2025-0632 – Formulatrix Rock Maker Web Local File Inclusion Vulnerability

April 21, 2025

CVE ID : CVE-2025-0632

Published : April 21, 2025, 6:15 a.m. | 40 minutes ago

Description : Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.

This issue affects Rock Maker Web: from 3.2.1.1 and later

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCodeSOD: The Variable Toggle

Next Article CVE-2025-3821 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-0632 – Formulatrix Rock Maker Web Local File Inclusion Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access

CVE-2025-8330 – Code-projects Vehicle Management SQL Injection

Unpacking the bias of large language models

CVE-2025-22470 – Siemens SIMATIC CL4/6NX Plus Lua File Execution Vulnerability

CVE-2023-3948 – CVE-2021-4034: Cisco ASA SSL/TLS Downgrade Vulnerability

Xbox CEO Phil Spencer reportedly couldn’t stop playing ZeniMax’s unannounced game — and now it’s canceled

Git security vulnerabilities announced

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild

CVE-2025-0632 – Formulatrix Rock Maker Web Local File Inclusion Vulnerability

Related Posts