CVE-2025-12140
Published: 27 November 2025
Summary
CVE-2025-12140 is a critical-severity Eval Injection (CWE-95) vulnerability in Cert (inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, it is ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199823
- 🇵🇱 CERT-PL: cert.pl
Vulnerability details
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution. This issue was fixed in version wu#2016.1.5513#0#20251014_113353
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.