Skip to main content

CVE-2025-3322

| EUVDEUVD-2025-17092 CRITICAL
Improper Neutralization of Special Elements used in an Expression Language Statement (CWE-917)
2025-06-06 productsecurity@bbraun.com
10.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17092
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
CVE Published
Jun 06, 2025 - 09:15 nvd
CRITICAL 10.0

DescriptionCVE.org

An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.

AnalysisAI

Critical remote code execution vulnerability in expression language processors that allows unauthenticated attackers to execute arbitrary code with maximum server privileges through improper input neutralization. This is a perfect-score CVSS 10.0 vulnerability affecting expression language engines across multiple frameworks; exploitation requires no authentication, user interaction, or special configuration, making it an immediate priority for any organization using affected technologies.

Technical ContextAI

This vulnerability exploits CWE-917 (Expression Language Injection), a weakness in how expression language processors handle user-supplied input without proper sanitization. Expression languages (EL) such as OGNL, MVEL, SpEL (Spring), and JEXL are commonly embedded in web frameworks and template engines to dynamically evaluate expressions. When user input flows directly into EL evaluation functions without neutralization (e.g., via request parameters, headers, or form data), attackers can inject malicious expressions that access and manipulate server objects, invoke arbitrary methods, and ultimately achieve remote code execution. The lack of input validation or sandboxing allows the attacker to break out of the intended expression scope and execute system commands with the privileges of the application server process.

RemediationAI

Immediate remediation steps: (1) Consult vendor security advisories for CVE-2025-3322 patches—apply security updates to all affected expression language libraries and frameworks without delay; (2) If patches are unavailable, implement input validation and sanitization: disable or restrict expression language evaluation, use allowlisting for permitted expression syntax, implement strict input validation to reject suspicious patterns (${, #{, OGNL/SpEL syntax); (3) Apply defense-in-depth: disable unnecessary expression language features, run applications with minimal privileges (non-root), use Web Application Firewalls (WAF) to detect and block EL injection attempts; (4) For temporary mitigation before patching, isolate affected systems or restrict network access to trusted sources only; (5) Scan dependencies with tools like OWASP Dependency-Check or Snyk to identify library versions in use and flag vulnerable versions; (6) Review vendor advisories and patch management portals (e.g., NVD, vendor security pages) for specific patched versions and release dates.

Share

CVE-2025-3322 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy