QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-47771

Back to search

CVE-2025-47771

Published: Jun 19, 2025

Modified: Jun 20, 2025

PUBLISHED

Description

PowSyBl (Power System Blocks) is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in an InputStream and returns a SparseMatrix object. This issue has been patched in com.powsybl:powsybl-math: 6.7.2. A workaround for this issue involves not using SparseMatrix deserialization (SparseMatrix.read(...) methods).

VendorProductVersions

powsybl

powsybl-core

affected
>= 6.3.0, < 6.7.2

Weaknesses (CWE)

CWE-502

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now