Which versions of Java are affected by CVE-2025-10252?

CVE-2025-10252 is a low-severity vulnerability in SEAT Queue Ticket Kiosk involving input validation (CVSS 2.3).

How to fix or mitigate CVE-2025-10252?

During next maintenance window: Apply vendor patches when convenient. Verify input validation controls are in place.

Java CVE-2025-10252

Q: What is the CVSS score of CVE-2025-10252?

CVE-2025-10252 has a CVSS 4.0 base score of 1.3 (Low). CVSS vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Improper Input Validation (CWE-20)

2025-09-11 cna@vuldb.com

Deserialization Java

1.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.3 LOW

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

2.3 (LOW) 1.3 (LOW)

Analysis Generated

Mar 28, 2026 - 19:11 vuln.today

CVE Published

Sep 11, 2025 - 14:15 nvd

LOW 2.3

DescriptionCVE.org

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way. Version information: up to 20250827..

Affected ProductsAI

SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.