Deserialization Vulnerability in SEAT Queue Ticket Kiosk by SEAT
CVE-2025-10252

2.3LOW

Key Information:

Vendor: Seat
Status: Queue Ticket KiOSk
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-10252?

A vulnerability has been identified in the SEAT Queue Ticket Kiosk, specifically within the Java RMI Registry Handler, which allows for deserialization manipulation. This issue affects versions of the product up until August 27, 2025. The exploit can only be executed from within the local network, posing a challenge for potential attackers. Although the vendor was notified of this issue, they did not respond to the disclosure. The complexity of the attack suggests that while it is technically feasible, it may require a certain level of expertise to exploit effectively.

Affected Version(s)

Queue Ticket Kiosk 20250827

References

https://vuldb.com/?id.323612

vdb-entry

https://vuldb.com/?ctiid.323612

signaturepermissions-required

https://vuldb.com/?submit.642598

third-party-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Sep 11, 2025

Credit

j369 (VulDB User)

Seat

What is CVE-2025-10252?

Affected Version(s)

References

CVSS V4

Timeline

Credit