CVE-2025-3837

Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component

Severity Score

6.1

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component.

*Credits: Achmea Security Assessment Team (SAT)

CVSS Scores

bd8dbf88-98d9-42c6-be08-cf8e48a32093v4 6.1

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

Low

None

Integrity

Low

None

Availability

High

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-04-21 CVE Reserved
2025-04-21 CVE Published
2025-04-21 CVE Updated
2025-04-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source
https://saviynt.com/trust-compliance-security

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-