Ladybug has an XMLDecoder Deserialization Vulnerability (Java RCE)_CVE-2025-66214

7 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

Description

Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable content. The system deserializes these XML files, enabling attackers to achieve Remote Code Execution (RCE) by submitting carefully crafted XML payloads and thereby gain access to the target server. This issue is fixed in version 3.0-20251107.114628.

Basic Information

ID CVE-2025-66214

Source GitHub_M

Published Dec 9, 2025 at 19:37

Affected Product

Vendor wearefrank

Product ladybug

Version < 3.0-20251107.114628

Affected Versions wearefrank ladybug < 3.0-20251107.114628

CWE Classification

CWE-502

References

github.com /wearefrank/ladybug/security/advisories/GHSA-f9fh-r3cv-398f

{
    "lastseen": "",
    "description": "Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable content. The system deserializes these XML files, enabling attackers to achieve Remote Code Execution (RCE) by submitting carefully crafted XML payloads and thereby gain access to the target server. This issue is fixed in version 3.0-20251107.114628.",
    "published": "2025-12-09T19:37:18.664Z",
    "modified": "2025-12-09T19:37:18.664Z",
    "type": "cve",
    "title": "Ladybug has an XMLDecoder Deserialization Vulnerability (Java RCE)",
    "source": "GitHub_M",
    "references": "https://github.com/wearefrank/ladybug/security/advisories/GHSA-f9fh-r3cv-398f",
    "id": "CVE-2025-66214",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "wearefrank ladybug < 3.0-20251107.114628",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ladybug",
    "version": "< 3.0-20251107.114628",
    "vendor": "wearefrank",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}