SecuriTricks - CVE-2025-3837

Description

An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component.

Product(s) Impacted

Vendor	Product	Versions
*	Eol Ova Component	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	/	eol_ova_component	/	/	/	/	/	/	/	/

References

https://saviynt.com/trust-compliance-security

CVSS Score

6.1 / 10

CVSS Data - 4.0

Attack Vector: ADJACENT
Attack Complexity: LOW
Attack Requirements: PRESENT
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: April 21, 2025, 10:15 a.m.
Last Modified: April 21, 2025, 2:23 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

bd8dbf88-98d9-42c6-be08-cf8e48a32093

CVE-2025-3837