CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

June 5, 2025

CVE ID : CVE-2025-5679

Published : June 5, 2025, 7:15 p.m. | 2 hours, 52 minutes ago

Description : A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5676 – Campcodes Online Recruitment Management System SQL Injection

Next Article CVE-2025-5677 – Campcodes Online Recruitment Management System SQL Injection

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

AI-enabled software development: Risk of skill erosion or catalyst for growth?

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Power bank slapped with a recall? Stop using it now – here’s why

I recommend these budget earbuds over pricier Bose and Sony models – here’s why

Microsoft’s big AI update for Windows 11 is here – what’s new

Slow internet speed on Linux? This 30-second fix makes all the difference

Singleton and Scoped Container Attributes in Laravel 12.21

Singleton and Scoped Container Attributes in Laravel 12.21

wulfheart/laravel-actions-ide-helper

lanos/laravel-cashier-stripe-connect

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

Sam Altman is “terrified” of voice ID fraudsters embracing AI — and threats of US bioweapon attacks keep him up at night

NVIDIA boasts a staggering $111 million in market value per employee — since it became the world’s first $4 trillion company

CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Dell PowerScale Vulnerability Let Attackers Gain Unauthorized Filesystem Access

CVE-2025-4016 – Novel-Plus LogController Java Remote Authorization Bypass

Redwood is coming…

Ubuy Scales E-Commerce Globally and Unlocks AI With MongoDB

CVE-2025-49865 – Helmut Wandl Advanced Settings CSRF Vulnerability

A First Look at the Interest Invoker API (for Hover-Triggered Popovers)

Writing Your First Terraform Configuration: A Step-by-Step Guide

Debug Code in ExpressVPN Windows App Caused IP Leak via RDP Port

CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

Related Posts