Designer
CVE-2023-25260
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
AnalysisAI
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-552. Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. Affected products include: Stimulsoft Designer.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). Rated high sever
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. Rated critical severity (CVSS 9.8), this vulner
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attac
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. [CVSS 5.3 MEDIUM
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today