JEHC-BPM - Remote Code Execution

Short Info

Level: Critical

Single Scan: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 seconds

Time Interval: 17 days 23 hours

Scan only one: Domain, Subdomain, IPv4

Toolbox: -

A remote command execution vulnerability in the /server/executeExec component of JEHC-BPM <= v2.0.1 allows attackers to execute arbitrary code. The vulnerability exists because the executeExec endpoint performs insufficient authorization checks, which allows direct command execution.

