Cyber Resilience

CVE-2021-27852

Tags: Critical · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 27 May 2021
Modified: 24 October 2025
KEV Added: 11 April 2022
Patch: available (vendor update to Checkbox Survey 7 or later)
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2555 (96.4th percentile)
Risk Priority: 55 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-27852 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Checkbox Survey. Its CVSS base score is 9.8 (Critical).

Operationally, its EPSS score of 0.2555 (96.4th percentile) places it in the top 3.6% of all CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
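The Risk Priority figure in the header and the "top 3.6%" statement above can be reproduced from the three inputs the page shows. The block below is an added example, not the site's own scoring code: it assumes the label "60% EPSS · 20% KEV · 20% CVSS" means each input is first rescaled to 0-100 (EPSS probability x 100, KEV membership as 0 or 100, CVSS base score x 10) and then weighted, an assumption that is checked against the displayed values for CVE-2021-27852. The comparison entries other than CVE-2021-27852 are constructed, not real CVE data.

```python
"""Reproduce the page's Risk Priority and exploit-likelihood figures for
CVE-2021-27852.

Added example, not the site's own scoring code. The weighting is inferred
from the page's label "60% EPSS · 20% KEV · 20% CVSS" plus the assumption
that every input is rescaled to 0-100 before weighting: EPSS probability
x 100, KEV membership as 0 or 100, CVSS base score x 10. That reading is
checked against the displayed figures (0.2555 / KEV-listed / 9.8 -> 55).
"""
from dataclasses import dataclass

W_EPSS, W_KEV, W_CVSS = 0.60, 0.20, 0.20   # weights read off the page


@dataclass(frozen=True)
class CveScores:
    cve_id: str
    epss: float             # EPSS probability in [0, 1]
    epss_percentile: float  # EPSS percentile in [0, 100]
    in_kev: bool            # listed in the CISA KEV catalog?
    cvss: float             # CVSS v3.1 base score in [0, 10]

    def __post_init__(self) -> None:
        # Reject out-of-range inputs instead of silently producing a bogus priority.
        if not 0.0 <= self.epss <= 1.0:
            raise ValueError(f"{self.cve_id}: EPSS must be a probability, got {self.epss}")
        if not 0.0 <= self.epss_percentile <= 100.0:
            raise ValueError(f"{self.cve_id}: percentile out of range: {self.epss_percentile}")
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"{self.cve_id}: CVSS out of range: {self.cvss}")


def risk_priority(s: CveScores) -> float:
    """Weighted 0-100 priority; the assumed rescaling of each input happens here."""
    epss_component = s.epss * 100.0            # 0.2555 -> 25.55
    kev_component = 100.0 if s.in_kev else 0.0  # KEV membership is binary
    cvss_component = s.cvss * 10.0             # 9.8 -> 98.0
    return W_EPSS * epss_component + W_KEV * kev_component + W_CVSS * cvss_component


def top_percent(percentile: float) -> float:
    """'96.4th percentile' expressed as 'top 3.6%' of CVEs by exploit likelihood."""
    return round(100.0 - percentile, 1)


# Values shown on this page for CVE-2021-27852.
CVE_2021_27852 = CveScores("CVE-2021-27852", epss=0.2555, epss_percentile=96.4,
                           in_kev=True, cvss=9.8)

# Constructed comparison entries (not real CVE data) to show how the weights behave:
# KEV listing alone moves a CVE by 20 points, and a high EPSS outweighs a high CVSS.
COMPARISON = [
    CVE_2021_27852,
    CveScores("CVE-2021-27852 (if it were not in KEV)", 0.2555, 96.4, False, 9.8),
    CveScores("hypothetical: critical CVSS, low EPSS, not in KEV", 0.005, 40.0, False, 9.8),
    CveScores("hypothetical: medium CVSS, high EPSS, in KEV", 0.90, 99.9, True, 6.5),
]


def triage_order(entries):
    """Highest priority first, the order a patch queue would use."""
    return sorted(entries, key=risk_priority, reverse=True)


if __name__ == "__main__":
    for s in triage_order(COMPARISON):
        print(f"{risk_priority(s):6.2f}  KEV={str(s.in_kev):5}  CVSS={s.cvss:4}  "
              f"EPSS={s.epss:.4f}  {s.cve_id}")
    print(f"CVE-2021-27852 is in the top {top_percent(CVE_2021_27852.epss_percentile)}% "
          f"of CVEs by exploit likelihood")
```

Under this reading CVE-2021-27852 scores 0.6 x 25.55 + 0.2 x 100 + 0.2 x 98 = 54.93, which rounds to the displayed 55; the same CVE outside KEV would score 34.93, and the constructed medium-CVSS, high-EPSS entry outranks it at 87.0, which is the point of an EPSS-weighted queue.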

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-27852 is a deserialization of untrusted data vulnerability (CWE-502) in CheckboxWeb.dll, a component of Checkbox Survey. The flaw affects all versions prior to 7 and carries a CVSS 3.1 base score of 9.8: the attack vector is the network, attack complexity is low, and no privileges or user interaction are required.

An unauthenticated remote attacker can supply a crafted serialized object to CheckboxWeb.dll, triggering arbitrary code execution on the server with no user interaction required. Successful exploitation grants the attacker full confidentiality, integrity, and availability impact on the affected survey application.

The vulnerability is tracked in the CISA Known Exploited Vulnerabilities catalog and referenced in CERT/CC advisory VU#706695, indicating that official sources treat it as actively exploited and recommend applying the vendor-supplied update to version 7 or later as the primary mitigation.

EU & UK References

Vulnerability details

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.

CWE(s): CWE-502 (Deserialization of Untrusted Data)
KEV Date Added: 11 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Checkbox Survey (vendor: checkbox, product: survey), versions prior to 7

Mitigating Controls

Controls are from NIST SP 800-53 r5:

SI-2 Flaw Remediation (prevent): directly requires applying the vendor patch that eliminates the vulnerable deserialization routine in CheckboxWeb.dll, i.e. updating to Checkbox Survey 7 or later.

SI-10 Information Input Validation (prevent): enforces validation of all input before deserialization, blocking crafted serialized objects from unauthenticated remote sources.

SI-3 Malicious Code Protection (prevent, detect): deploys malicious-code detection mechanisms that can identify or block the arbitrary code executed via the deserialization flaw.
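The attack described under "Deeper analysis" (a crafted serialized object handed to an unauthenticated endpoint) and the SI-10 control above are two sides of one pattern, shown below as an added example that is not Checkbox Survey's code. Checkbox Survey is a .NET application and this page does not publish its serializer or wire format, so Python's pickle stands in for "a serialized object from an unauthenticated remote source". The gadget calls a harmless function that only records that it ran; a real gadget chain would execute arbitrary code on the server. The hardened loader applies two layers of input validation before any object is built: an HMAC so that only server-produced blobs are parsed at all, and a type allow-list so that even a blob carrying a valid tag cannot name a callable the application never expects.

```python
"""CWE-502, the weakness class behind CVE-2021-27852: a vulnerable loader
beside a loader that applies the SI-10 control (validate input before
deserializing it).

Added example, not Checkbox Survey's code. The product is a .NET application
and the page does not publish its serializer, so pickle stands in for the
untrusted serialized object. The gadget only records that it ran.
"""
import hashlib
import hmac
import io
import pickle
from dataclasses import dataclass, field


@dataclass
class SurveyResponse:
    """The one object type the application legitimately expects to receive."""
    survey_id: int
    answers: dict = field(default_factory=dict)


# Records every call made by the "attacker's" gadget so the effect is observable.
EXECUTED = []


def attacker_payload(marker: str) -> str:
    """Stands in for arbitrary code; in a real chain this would spawn a shell."""
    EXECUTED.append(marker)
    return marker


class Gadget:
    """Attacker-controlled object: on load, pickle calls attacker_payload('rce')."""
    def __reduce__(self):
        return (attacker_payload, ("rce",))


def hostile_blob() -> bytes:
    """What an unauthenticated remote attacker would submit (constructed here)."""
    return pickle.dumps(Gadget())


# --- Vulnerable pattern (CWE-502) -------------------------------------------
def load_unsafe(blob: bytes):
    """Deserializes whatever arrives; any callable named in the stream is invoked."""
    return pickle.loads(blob)


# --- Hardened pattern (NIST 800-53 SI-10: validation before deserialization) ---
ALLOWED_GLOBALS = {(SurveyResponse.__module__, "SurveyResponse")}
TAG_LEN = hashlib.sha256().digest_size


class RestrictedUnpickler(pickle.Unpickler):
    """Layer 2: only allow-listed types may be resolved from the stream."""
    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def seal(obj, key: bytes) -> bytes:
    """Server-side serialization: HMAC-SHA256 tag || pickle payload."""
    payload = pickle.dumps(obj, protocol=4)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def load_safe(blob: bytes, key: bytes):
    """Layer 1: authenticate the blob so only server-produced data is parsed at all;
    layer 2: even then, restrict which types the parser may instantiate."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("serialized object is not authenticated; rejected before parsing")
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def classify(blob: bytes, key: bytes) -> str:
    """Outcome of load_safe for a blob: 'accepted', 'bad-mac' or 'forbidden-type'."""
    try:
        load_safe(blob, key)
        return "accepted"
    except ValueError:
        return "bad-mac"
    except pickle.UnpicklingError:
        return "forbidden-type"


# Constructed demo key; a deployment would use a random per-server secret.
SERVER_KEY = b"constructed demo key, not a real secret"

if __name__ == "__main__":
    legit = seal(SurveyResponse(42, {"q1": "yes"}), SERVER_KEY)
    print("unsafe loader on hostile blob  ->", load_unsafe(hostile_blob()), "| executed:", EXECUTED)
    print("safe loader on legit blob      ->", classify(legit, SERVER_KEY))
    print("safe loader on hostile blob    ->", classify(hostile_blob(), SERVER_KEY))
    # Even an attacker holding the key cannot smuggle a gadget past the allow-list.
    print("safe loader on sealed gadget   ->", classify(seal(Gadget(), SERVER_KEY), SERVER_KEY))
```

The unsafe loader runs the gadget before returning anything, which is exactly the "no user interaction, no authentication" property the CVSS vector encodes. The hardened loader rejects the same bytes without ever parsing them, and a gadget sealed with the real key is still refused because `attacker_payload` is not on the allow-list; the allow-list is the layer that survives key compromise, so it is the one to keep even where a MAC already exists.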

References