CVE-2025-3322

Summary

An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.

Affected Software

VendorProductVersion RangeStatus
B. Braun Melsungen AGOnlineSuite3.0affected

Weaknesses

  • CWE-917: CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References