CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

June 5, 2025

CVE ID : CVE-2025-5679

Published : June 5, 2025, 7:15 p.m. | 2 hours, 52 minutes ago

Description : A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5676 – Campcodes Online Recruitment Management System SQL Injection

Next Article CVE-2025-5677 – Campcodes Online Recruitment Management System SQL Injection

Highlights

CVE-2025-3889 – WordPress Simple Shopping Cart Insecure Direct Object Reference

May 1, 2025

CVE ID : CVE-2025-3889

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the ‘process_payment_data’ due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Best Media Creation Tool alternatives to create a Windows 11 bootable USB

AI is eating the Internet

NetPeek is a New, User-Friendly Network Scanner for Linux

CVE-2025-53478 – Mediawiki CheckUser Extension Cross-Site Scripting (XSS)

CVE-2025-3889 – WordPress Simple Shopping Cart Insecure Direct Object Reference

My son’s been bugging me to play Minecraft for six years and this one mod could actually make me do it

CISA Warns of Wing FTP Server Vulnerability Actively Exploited in Attacks

La Germania si impegna ad adottare l’Open Document Format

CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

Related Posts