CVE-2025-54466
Published 2025-08-15
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin.
This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used.
Even unauthenticated attackers can exploit this vulnerability.
Users are recommended to upgrade to version 24.09.02, which fixes the issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | < 24.09.02 | 24.09.02 |
| apache | ofbiz | — | — |
| apache_software_foundation | apache_ofbiz | < 24.09.02 | 24.09.02 |