CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

April 27, 2025

CVE ID : CVE-2025-3984

Published : April 27, 2025, 8:15 p.m. | 2 hours, 49 minutes ago

Description : A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6webapp-mgmtcas-management-webapp-supportsrcmainjavaorgapereocasmgmtserviceswebRegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46687 – QuickJS Heap Buffer Overflow

Next Article CVE-2025-3983 – AMTT Hotel Broadband Operation System NLog Down.php Remote Command Injection Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’

Firefox 139 Brings Custom New Tab Wallpapers, Better Upload Speeds

CVE-2025-4262 – “PHPGurukul Online DJ Booking Management System SQL Injection Vulnerability”

CVE-2025-32928 – ThemeGoods Altair Object Injection Vulnerability

CVE-2025-48755 – Spiral-rs Crate Zero-Sized Type Allocation Arbitrary Write

VESDA Aspirating Smoke Detection System Setup Cost in India | Xtralis Price & Installation

Raising the Bar for AI Assistant in Adobe Experience Platform

GNOME Foundation nomina un nuovo direttore esecutivo con profilo tecnico ed esperienza consolidata

A spring iPhone launch? Apple might shake up its iPhone release schedule – here’s why

CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

Related Posts