- Description
- An improper input validation vulnerability is identified in the End of Life (EOL) OVA-based connect component, which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023, with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject a code execution payload, which could lead to remote code execution on the infrastructure hosting this component.
- Source
- bd8dbf88-98d9-42c6-be08-cf8e48a32093
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 6.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- bd8dbf88-98d9-42c6-be08-cf8e48a32093
- CWE-20
- Hype score
- Not currently trending
🚨 CVE-2025-3837 🟠 MEDIUM (6.1) 🏢 Saviynt - OVA based Connect 🏗️ AlmaLinux-8.x_SC2.0-Client-2.0 🔗 https://t.co/fb290tytoB #CyberCron #VulnAlert #InfoSec https://t.co/UfvZSZwN6e
@cybercronai
21 Apr 2025
New post from https://t.co/uXvPWJy6tj (CVE-2025-3837 | Saviynt OVA based Connect up to RHEL-8.x_SC2.0-Client-3.0 on Linux Request input validation) has been published on https://t.co/TLJxAetkLT
@WolfgangSesin
21 Apr 2025
CVE-2025-3837 Remote Code Execution in End of Life OVA Connect Component Before January 2024 https://t.co/Po29tnzww7
@VulmonFeeds
21 Apr 2025
CVE-2025-3837 An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the custome… https://t.co/jqNigS8aWw
@CVEnew
21 Apr 2025