QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47292

Published: May 14, 2025

Modified: May 14, 2025

PUBLISHED

Description

Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.

Vendor	Product	Versions
cap-collectif	cap-collectif	affected `< 812f2a7d271b76deab1175bdaf2be0b8102dd198`

Weaknesses (CWE)

References

https://github.com/cap-collectif/cap-collectif/security/advisories/GHSA-hf7r-rjh4-5fc8

x_refsource_CONFIRM

https://github.com/cap-collectif/cap-collectif/commit/812f2a7d271b76deab1175bdaf2be0b8102dd198

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.