| TVN ID | TVN-202510002 |
|---|---|
| CVE ID | CVE-2025-11673, CVE-2025-11674 |
| CVSS | CVE-2025-11673: 7.2 (High) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-11674: 6.8 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| Affected Products | SOOP-CLM version 5.2 and 5.3 |
| Description | CVE-2025-11673(Hidden Functionality): Privileged remote attackers can exploit a hidden functionality to execute arbitrary code on the server. CVE-2025-11674(Server-Side Request Forgery): Privileged remote attackers can read server files or probe internal network information. |
| Solution | Update to version 6.0.0 and later |
| Credit | Naro, Xiaoswaii |
| Public Date | 2025-10-13 |
:::