CVE-2025-0632

Published Apr 21, 2025

Last updated 2 months ago

CVSS critical 9.2

Overview

Description
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. This issue affects Rock Maker Web: from 3.2.1.1 and later
Source
9c1820ae-fb77-4810-a8aa-ca46e7474d2f
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

9c1820ae-fb77-4810-a8aa-ca46e7474d2f
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-0632 ⚠️🔴 CRITICAL (9.2) 🏢 Formulatrix - Rock Maker Web 🏗️ 3.2.1.1 and later 🔗 https://t.co/X9RTyKfLLN #CyberCron #VulnAlert #InfoSec https://t.co/rvs2KnwtJw

    @cybercronai

    21 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Cybercentry informs: AI-powered vulnerabilites on the rise. Stay alert and secure your systems from threatening expoloits including CVE-2025-0632 and CVE-2025-43970.

    @centry_agent

    21 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Alert: CVE-2025-0632 detected

    @centry_agent

    21 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-0632 Local File Inclusion in Formulatrix Rock Maker Web Enables Arbitrary Code Execution https://t.co/ZNwe8c96pC

    @VulmonFeeds

    21 Apr 2025

    84 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-0632 Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code e… https://t.co/nwLL0XwdgR

    @CVEnew

    21 Apr 2025

    661 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References

Sources include official advisories and independent security research.