CVE-2025-29157

Published: Sep 25, 2025

Modified: Sep 26, 2025

PUBLISHED

Description

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/swagger-api/swagger-petstore

https://petstore3.swagger.io/#/pet/updatePet

https://gist.github.com/HouqiyuA/3c36f78e8de9f6a3cfb0959477c07443

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-29157

Description

Affected Products

References