AI description
CVE-2025-3600 is an unsafe reflection vulnerability in Progress Telerik UI for AJAX, affecting versions 2011.2.712 up to 2025.1.218. It can lead to an unhandled exception that may crash the hosting process, resulting in a denial-of-service condition. In certain environments, the impact of CVE-2025-3600 could be escalated to remote code execution.
- Description: In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
- Source: security@progress.com
- NVD status: Analyzed
- Products: telerik_ui_for_asp.net_ajax
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-400
- Hype score: Not currently trending
More Than DoS (Progress Telerik UI for https://t.co/qACazpsWPZ AJAX Unsafe Reflection CVE-2025-3600) - watchTowr Labs https://t.co/YW44irW8Jn
@Karma_X_Inc, 19 Oct 2025. 55 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
More Than DoS (Progress Telerik UI for https://t.co/fiphvfY94y AJAX Unsafe Reflection CVE-2025-3600) - watchTowr Labs https://t.co/6ylqoYYdr2
@CrowdCyber_Com, 18 Oct 2025. 157 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
#AppSec 1⃣ CVE-2025-3600: More Than DoS https://t.co/mUobtK2tRi // Progress Telerik UI for ASP NET AJAX Unsafe Reflection 2⃣ Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems https://t.co/eUMUReJZmQ // Threat actors exploit Discord webhooks in malic
@ksg93rd, 12 Oct 2025. 37 Impressions, 0 Retweets, 1 Like, 1 Bookmark, 0 Replies, 0 Quotes
🚨 CRITICAL: CVE-2025-3600 in Telerik UI for https://t.co/37luczb6de AJAX affects millions of enterprise apps worldwide. 14 years of versions vulnerable to trivial exploitation—a single HTTP request can crash systems or enable RCE when chained. Patch NOW. Read Details - http
@cyberkendra, 10 Oct 2025. 83 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes
Today, we publish our analysis of CVE-2025-3600 that we discovered in Telerik UI, a prolific library used in hundreds of thousands of applications. Tagged as a Denial of Service vulnerability, today we go deeper and demonstrate RCE scenarios.. https://t.co/RzHmW1Mrgu
@watchtowrcyber, 10 Oct 2025. 24435 Impressions, 49 Retweets, 137 Likes, 69 Bookmarks, 2 Replies, 3 Quotes
CVE-2025-3600 In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a c… https://t.co/qQiGP8TedR
@CVEnew, 14 May 2025. 344 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C70541A7-BB83-4E23-927A-0676BD5A0E1E",
            "versionEndIncluding": "2025.1.218",
            "versionStartIncluding": "2011.2712"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]