CVE Details
Basic Information
| Title | Scripts within reports executable on BRAIN2 Server |
|---|---|
| Type | cve |
| Published | 2025-06-23T12:48:33.951Z |
| Last Seen | |
Product Information
| Vendor | Bizerba SE & Co. KG |
|---|---|
| Product | BRAIN2 |
| Version | 0.0 |
CVSS Information
| Base Score | 10.0 (CRITICAL) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
AI Analysis
| AI Description | A non-admin user can embed scripts in reports, which can execute with administrator privileges on the BRAIN2 server, potentially leading to code execution and privilege escalation. |
|---|---|
| AI Severity | Critical |
| Vendor | Bizerba SE & Co. KG |
| Product | BRAIN2 |
| Affected Version | 0.0 |
Affected Products
- Bizerba SE & Co. KG BRAIN2 0.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-94 |
| Bulletin Family | |
Description
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.