CVE-2025-60889
published 2026-04-28CVE-2025-60889: Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.57%
42.7th percentile
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stellar-group | hpx | <= 1.11.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-25c8-fc6x-9x37: Insecure deserialization of untrusted input in StellarGroup HPX 1
ghsa_unreviewed·2026-04-28
CVE-2025-60889 [CRITICAL] CWE-502 GHSA-25c8-fc6x-9x37: Insecure deserialization of untrusted input in StellarGroup HPX 1
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.
VulDB
StellarGroup HPX 1.11.0 deserialization (EUVD-2025-209583)
vuldb·2026-04-28
CVE-2025-60889 [CRITICAL] StellarGroup HPX 1.11.0 deserialization (EUVD-2025-209583)
A vulnerability labeled as critical has been found in StellarGroup HPX 1.11.0. The affected element is an unknown function. Executing a manipulation can lead to deserialization.
This vulnerability is tracked as CVE-2025-60889. The attack can be launched remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-28
Published