CVE 9.8 CRITICAL

CVE-2025-60889_CVE-2025-60889

April 30, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.

AI Analysis

Insecure deserialization vulnerability in StellarGroup HPX allowing arbitrary code execution

Basic Information

ID CVE-2025-60889

Source mitre

Published Apr 28, 2026 at 00:00

Modified Apr 30, 2026 at 15:22

Affected Product

Vendor StellarGroup

Product HPX

Version 1.11.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor StellarGroup

Product HPX

Version 1.11.0

References

{
    "lastseen": "",
    "description": "Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.",
    "published": "2026-04-28T00:00:00.000Z",
    "modified": "2026-04-30T15:22:55.199Z",
    "type": "cve",
    "title": "CVE-2025-60889",
    "source": "mitre",
    "references": "http://hpx.com\nhttp://stellargroup.com\nhttps://gist.github.com/TrebledJ/b32fd5c469583493ab50244045c9a6e4",
    "id": "CVE-2025-60889",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPX",
    "version": "1.11.0",
    "vendor": "StellarGroup",
    "ai_description": "Insecure deserialization vulnerability in StellarGroup HPX allowing arbitrary code execution",
    "ai_severity": "Critical",
    "ai_vendor": "StellarGroup",
    "ai_product": "HPX",
    "ai_version": "1.11.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply