Cyber Resilience

CVE-2025-27925

Severity: High · Impact: RCE

Published: 10 March 2025
Modified: 29 January 2026
KEV Added: not listed
Patch: available (fixed in Nintex Automation 5.8)
CVSS Score v3.1: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.9th percentile)
Risk Priority: 17 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27925 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Nintex Automation. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0013 places it at the 31.9th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-27925 is an insecure deserialization vulnerability (CWE-502) in Nintex Automation versions 5.6 and 5.7 before 5.8. The application deserializes user-supplied input without restricting what that input may reconstruct, so an attacker who controls the serialized data can turn deserialization into arbitrary code execution. Published on 10 March 2025, it carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), rated High because of its full impact on confidentiality, integrity, and availability.

A low-privileged user (PR:L) with network access (AV:N) can exploit the flaw without any user interaction (UI:N); the one constraint is high attack complexity (AC:H), which in CVSS terms means success depends on conditions outside the attacker's control. Scope is Changed (S:C): the vulnerable component and the impacted component differ, so a successful attack can reach resources beyond the Nintex Automation application itself. The high-impact outcomes include unauthorized access to sensitive data, modification of system resources, and disruption of services, up to complete compromise of the affected Nintex Automation instance.

The vendor advisory in the Nintex release notes at https://help.nintex.com/en-US/platform/ReleaseNotes/K2Five.htm addresses mitigation, with the vulnerability fixed in Nintex Automation 5.8 and later versions. Security practitioners should prioritize upgrading affected deployments to patch this flaw.

Vulnerability details

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

CWE(s)

CWE-502 Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Insecure deserialization (CWE-502) in a network-accessible application allows low-privileged authenticated users to achieve arbitrary code execution, directly enabling privilege escalation via exploitation (T1068) and command/script interpreter execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
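To make concrete why CWE-502 maps to an execution technique rather than to mere data tampering, here is an added illustration of the flaw class using Python's pickle format. It is not Nintex code: the page does not show the affected serializer, and Nintex Automation does not use pickle, so the format is a stand-in for whatever code-bearing serialization the product deserializes. WorkflowRequest, Gadget, the JSON shape and the allow-list are all constructed for the example. The vulnerable handler runs the attacker's chosen callable as a side effect of loading the data; the hardened handler allow-lists what may be reconstructed; the JSON path removes the code-bearing format altogether, which is what SI-10 style input validation looks like for this bug class.

```python
import io
import json
import pickle
from dataclasses import dataclass


@dataclass
class WorkflowRequest:
    """What a legitimate client is expected to send (hypothetical shape)."""
    workflow: str
    count: int


class Gadget:
    """Constructed attacker payload. pickle serialises an object by asking
    __reduce__ which callable and arguments recreate it, and the unpickler
    performs that call on load. The attacker therefore picks builtins.eval and
    any expression. This expression is harmless on purpose: it returns the PID."""

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def build_legit_blob():
    return pickle.dumps(WorkflowRequest("approve", 3))


def build_malicious_blob():
    return pickle.dumps(Gadget())


def vulnerable_load(blob):
    """The flaw class this page describes: untrusted bytes decide which
    callables run during deserialisation (T1059 via T1068 in ATT&CK terms)."""
    return pickle.loads(blob)


# Allow-list keyed on (module, qualname); resolved at import time so it matches
# however this module happens to be named when WorkflowRequest is pickled.
ALLOWED_GLOBALS = {(WorkflowRequest.__module__, WorkflowRequest.__qualname__)}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global that is not explicitly allow-listed, so a
    payload referencing builtins.eval (or anything else) fails before it runs."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def hardened_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def json_load(text):
    """Preferred design: a data-only format plus explicit shape and type
    checks, so there is no code-bearing construct to allow-list at all."""
    data = json.loads(text)
    if not isinstance(data, dict) or set(data) != {"workflow", "count"}:
        raise ValueError("unexpected request shape")
    if not isinstance(data["workflow"], str) or type(data["count"]) is not int:
        raise ValueError("unexpected field types")
    return WorkflowRequest(data["workflow"], data["count"])


if __name__ == "__main__":
    blob = build_malicious_blob()
    print("vulnerable handler ran attacker code, returned:", vulnerable_load(blob))
    try:
        hardened_load(blob)
    except pickle.UnpicklingError as exc:
        print("hardened handler:", exc)
    print("hardened handler, legitimate request:", hardened_load(build_legit_blob()))
    print("json handler:", json_load('{"workflow": "approve", "count": 3}'))
```

The allow-list is the minimum fix if the wire format cannot change; it is only as good as the list, since any allow-listed class with a dangerous constructor or __setstate__ becomes the next gadget. Replacing the format with JSON plus schema checks is the durable fix, and upgrading to the vendor's fixed release is the actual remediation for this CVE.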

CVEs Like This One

CVE-2025-33247 (shared CWE-502)
CVE-2026-25614 (shared CWE-502)
CVE-2026-37552 (shared CWE-502)
CVE-2025-26921 (shared CWE-502)
CVE-2026-24159 (shared CWE-502)
CVE-2025-66214 (shared CWE-502)
CVE-2026-4416 (shared CWE-502)
CVE-2026-25166 (shared CWE-502)
CVE-2025-24794 (shared CWE-502)
CVE-2026-24157 (shared CWE-502)

Affected Assets

Vendor: nintex
Product: automation
Versions: 5.6 and 5.7, all releases before 5.8 (fixed in 5.8)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

prevent (flaw remediation / patching)
Directly mitigates the insecure deserialization vulnerability by requiring timely patching to Nintex Automation 5.8 or later as specified in the vendor advisory.

prevent (SI-10 Information Input Validation)
Prevents exploitation of the deserialization flaw by validating and sanitizing untrusted user input before processing to block malicious payloads.

detect / respond (RA-5 Vulnerability Monitoring and Scanning)
Identifies the CVE-2025-27925 vulnerability through scanning and prompts remediation to address the unsafe deserialization issue.