CVE-2025-40592
Published: Jun 12, 2025
Modified: Jul 8, 2025
CVSS v3.1
6.1
Description
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Mendix Studio Pro 10 | affected 0 - < V10.23.0 |
| Siemens | Mendix Studio Pro 10.12 | affected 0 - < V10.12.17 |
| Siemens | Mendix Studio Pro 10.18 | affected 0 - < V10.18.7 |
| Siemens | Mendix Studio Pro 10.6 | affected 0 - < V10.6.24 |
| Siemens | Mendix Studio Pro 11 | affected 0 - < V11.0.0 |
| Siemens | Mendix Studio Pro 8 | affected 0 - < V8.18.35 |
| Siemens | Mendix Studio Pro 9 | affected 0 - < V9.24.35 |
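
A pre-installation audit for the traversal class in the description, as an added example (not Siemens or Mendix code): it lists entries in a package whose names would resolve outside the extraction directory, and goes slightly beyond the description by also flagging symbolic-link entries. It assumes the module package is a standard zip archive; the function names and the sample archive are constructed for illustration.

```python
import io
import ntpath
import posixpath
import stat
import zipfile


def audit_archive(archive):
    """Return (entry name, reason) for each entry that should block installation."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            raw = info.filename
            # Studio Pro runs on Windows, where '\' is a separator as well as '/'.
            name = raw.replace("\\", "/")
            if name.startswith("/") or ntpath.splitdrive(raw)[0]:
                findings.append((raw, "absolute path"))
                continue
            # Collapse 'a/../b' style segments, then see what is left at the front.
            norm = posixpath.normpath(name)
            if norm == ".." or norm.startswith("../"):
                findings.append((raw, "escapes target directory"))
            elif stat.S_ISLNK(info.external_attr >> 16):
                # Unix mode bits live in the high 16 bits of external_attr.
                findings.append((raw, "symbolic link"))
    return findings


def build_sample():
    """Constructed sample archive (assumption: not a real module package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("widgets/ok.txt", "benign")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("resources\\..\\..\\outside.txt", "x")
        zf.writestr("C:\\Temp\\outside.txt", "x")
        link = zipfile.ZipInfo("widgets/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/tmp")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, reason in audit_archive(build_sample()):
        print(f"BLOCK {entry!r}: {reason}")
```

An empty result means no entry name alone leads outside the target directory; any finding is grounds to reject the package before it is installed.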
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: High
Availability: None