CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

April 27, 2025

CVE ID : CVE-2025-3984

Published : April 27, 2025, 8:15 p.m. | 2 hours, 49 minutes ago

Description : A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6webapp-mgmtcas-management-webapp-supportsrcmainjavaorgapereocasmgmtserviceswebRegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46687 – QuickJS Heap Buffer Overflow

Next Article CVE-2025-3983 – AMTT Hotel Broadband Operation System NLog Down.php Remote Command Injection Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Apple Patches Flaw Exploited in Zero-click Paragon Spyware Attacks

CVE-2025-27131 – OpenHarmony Denial of Service Vulnerability

The 7 gadgets I never travel without (and why they make such a big difference)

What’s New From MongoDB at Google Cloud Next 2025

Will you be the boss of your own AI workforce?

CVE-2025-20963 – Symantec Antivirus Buffer Overflow

Introducing My Second Project: Cross-Cultural Name Solutions

CVE-2025-5655 – PHPGurukul Complaint Management System SQL Injection Vulnerability

Debian e l’Intelligenza Artificiale: Nuove Discussioni sulla Conformità ai Principi del Software Libero

CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

Related Posts