CVE-2025-6512

Summary

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.

Affected Software

VendorProductVersion RangeStatus
Bizerba SE & Co. KGBRAIN20.0 < 3.06affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

Workarounds

BRAIN2 users can be deprived of the right to edit the reports

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References