CVE-2025-27925
Published: 10 March 2025
Summary
CVE-2025-27925 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Nintex Automation. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 31.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-27925 is an insecure deserialization vulnerability (CWE-502) in Nintex Automation versions 5.6 and 5.7 before 5.8. The issue stems from unsafe deserialization of user input, which can lead to arbitrary code execution. Published on 2025-03-10, it carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
A low-privileged user (PR:L) with network access (AV:N) can exploit this vulnerability; attack complexity is high (AC:H) and no user interaction is required (UI:N). Successful exploitation changes scope (S:C) and enables high-impact outcomes, including unauthorized access to sensitive data, modification of system resources, and disruption of services, potentially resulting in complete compromise of the affected Nintex Automation instance.
The vendor advisory in the Nintex release notes at https://help.nintex.com/en-US/platform/ReleaseNotes/K2Five.htm addresses mitigation, with the vulnerability fixed in Nintex Automation 5.8 and later versions. Security practitioners should prioritize upgrading affected deployments to patch this flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7825
Vulnerability details
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure deserialization (CWE-502) in a network-accessible application allows low-privileged authenticated users to achieve arbitrary code execution, directly enabling privilege escalation via exploitation (T1068) and command/script interpreter execution (T1059).
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the insecure deserialization vulnerability by requiring timely patching to Nintex Automation 5.8 or later as specified in the vendor advisory.
- SI-10 (Information Input Validation): Prevents exploitation of the deserialization flaw by validating and sanitizing untrusted user input before processing to block malicious payloads.
- RA-5 (Vulnerability Monitoring and Scanning): Identifies the CVE-2025-27925 vulnerability through scanning and prompts remediation to address the unsafe deserialization issue.