CVE Daily

CVE-2025-54466

Improper Control of Generation of Code ('Code Injection') vulnerability leading ...

Medium CVSS 6.3

Overview

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin.

This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used.

Even unauthenticated attackers can exploit this vulnerability.


Users are recommended to upgrade to version 24.09.02, which fixes the issue.

CWE: CWE-94 Published: 2025-08-15T15:15:32.360
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.3 (MEDIUM)
  • Detected tags: apache (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags