CVE-2025-3322

An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.

CVSS

No CVSS.

References

Link	Resource
https://www.bbraun.com/productsecurity

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una neutralización incorrecta de las entradas utilizadas en el lenguaje de expresión permite la ejecución remota de código con los privilegios más altos en el servidor.

06 Jun 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 09:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-3322

Mitre link : CVE-2025-3322

CVE.ORG link : CVE-2025-3322

JSON object : View

Products Affected

No product.

CWE

CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

{"id": "CVE-2025-3322", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "productsecurity@bbraun.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-06T09:15:23.003", "references": [{"url": "https://www.bbraun.com/productsecurity", "source": "productsecurity@bbraun.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "productsecurity@bbraun.com", "description": [{"lang": "en", "value": "CWE-917"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of inputs used in expression\nlanguage allows remote code execution with the highest privileges on the\nserver."}, {"lang": "es", "value": "Una neutralizaci\u00f3n incorrecta de las entradas utilizadas en el lenguaje de expresi\u00f3n permite la ejecuci\u00f3n remota de c\u00f3digo con los privilegios m\u00e1s altos en el servidor."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "productsecurity@bbraun.com"}

CVE-2025-3322

JSON object

Attach tags to CVE-2025-3322

Attach tags to `CVE-2025-3322`