CVE-2025-0632
Published: Apr 21, 2025
Modified: Apr 28, 2025
Description
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. This issue affects Rock Maker Web: from 3.2.1.1 and later
| Vendor | Product | Versions |
|---|---|---|
Formulatrix | Rock Maker Web | affected 3.2.1.1 - <= 3.18.3.2 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now