CVE-2025-7916

Critical CVSS 9.8

Overview

WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized contents.

CWE: CWE-502 Published: 2025-07-21T06:15:27.817

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: deserialization, rce (tag impact: VERY HIGH)

Recommended actions:

Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags