What is the CVSS score of CVE-2025-45854?

CVE-2025-45854 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 17.3%.

Which versions of Jehc Bpm are affected by CVE-2025-45854?

CVE-2025-45854 is a critical remote code execution vulnerability affecting JEHC-BPM 2.0.1 that allows unauthenticated attackers to execute arbitrary commands on affected systems.. A patch is available.

Is there a public PoC exploit available for CVE-2025-45854?

Yes, a public proof-of-concept exploit is available for CVE-2025-45854. Prioritise patching immediately. EPSS: 17.3%.

How to fix or mitigate CVE-2025-45854?

Within 24 hours: Identify and inventory all JEHC-BPM 2.0.1 instances across the environment; isolate or restrict network access to affected systems if patching cannot be completed immediately. Within 7 days: Apply the available vendor patch to all identified systems and validate successful deployment. Within 30 days: Conduct post-patch security assessment and review logs for evidence of exploitation attempts.

Jehc Bpm CVE-2025-45854

EUVD-2025-16756 CRITICAL

Missing Authorization (CWE-862)

2025-06-03 cve@mitre.org

RCE Code Injection Jehc Bpm

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16756

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

Patch released

Mar 14, 2026 - 17:04 nvd

Patch available

PoC Detected

Aug 26, 2025 - 19:15 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 16:15 nvd

CRITICAL 10.0

DescriptionNVD

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.

AnalysisAI

Unauthenticated RCE in JEHC-BPM 2.0.1 via execParams. EPSS 17.3%. PoC and patch available. CVSS 10.0.

Technical ContextAI

CWE-862 on /server/executeExec endpoint.

RemediationAI

Apply patch.

CVE-2025-45854 vulnerability details – vuln.today

Back

Jehc Bpm CVE-2025-45854

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code