Mendix Studio Pro 10 22
Monthly
Code injection via malicious project files in Mendix Studio Pro 10.11 through 11.11 allows arbitrary code execution on a developer's workstation when a victim opens and runs a specially crafted project through the build pipeline. Siemens' own ProductCERT (SSA-779310) reported this flaw, classifying it under CWE-94, with patches available only for the 10.24 and 11.6 long-term support lines. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the breadth of affected versions - spanning the entire 10.x and 11.x release trees - means most active Mendix developer environments are exposed.
Code injection via malicious project files in Mendix Studio Pro 10.11 through 11.11 allows arbitrary code execution on a developer's workstation when a victim opens and runs a specially crafted project through the build pipeline. Siemens' own ProductCERT (SSA-779310) reported this flaw, classifying it under CWE-94, with patches available only for the 10.24 and 11.6 long-term support lines. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the breadth of affected versions - spanning the entire 10.x and 11.x release trees - means most active Mendix developer environments are exposed.