How to fix CVE-2025-27925?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Restrict deserialization to trusted data sources and implement integrity checks.

Is Deserialization affected by CVE-2025-27925?

Organizations using Nintex Automation 5.6 and 5.7 before 5.8 face significant risk from CVE-2025-27925, a insecure deserialization vulnerability rated CVSS 8.5. Insecure deserialization could allow attackers to execute arbitrary code by providing crafted serialized data.

CVE-2025-27925

HIGH

2025-03-10 [email protected]

8.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:50 vuln.today

CVE Published

Mar 10, 2025 - 23:15 nvd

HIGH 8.5

Description

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

Analysis

Nintex Automation 5.6 and 5.7 versions up to 5.8 is affected by deserialization of untrusted data (CVSS 8.5).

Technical Context

This vulnerability (CWE-502: Deserialization of Untrusted Data) affects Nintex Automation 5.6 and 5.7. Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

Affected Products

Product: Nintex Automation 5.6 and 5.7. Versions: up to 5.8.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +42

POC: 0

CVE-2025-27925 vulnerability details – vuln.today

Back

CVE-2025-27925

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-27925

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code