CVE-2010-20120
published 2025-08-21CVE-2010-20120: Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior…
PriorityP350high8.4CVSS 4.0
AVLACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.34%
26.1th percentile
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maplesoft | maple | <= 13 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for the opening of .maplet files, especially those that trigger process creation or file writes, as the Maplet framework executes embedded commands automatically upon file open without user interaction. ↗
- →Alert on child processes spawned by the Maple application process, particularly when initiated by opening a .maplet file, as code execution occurs without user interaction. ↗
- ·All Maple versions up to and including 13 are suspected vulnerable; testing was confirmed only on version 13 on Windows, so behavior on other platforms or versions may differ. ↗
- ·The vulnerability is specific to the Maplet framework and does not affect standard Maple worksheets, which enforce security restrictions preventing automatic code execution. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/maple_maplet.rbhttps://www.exploit-db.com/exploits/16308https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.HTTP:MISC:MAPLE-MAPLET-CMD-EXEC.htmlhttps://www.maplesoft.com/products/maple/https://www.vulncheck.com/advisories/maple-maplet-file-creation-command-executionhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/maple_maplet.rbhttps://www.exploit-db.com/exploits/16308
2025-08-21
Published