Unsafe Reflection Vulnerability in Progress Telerik UI for AJAX
CVE-2025-3600

7.5HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Ui For Asp.net Ajax
Vendor: CVE Published:; 14 May 2025

🔔 Create Progress Software Vulnerability Alert

What is CVE-2025-3600?

An unsafe reflection vulnerability in Progress Telerik UI for AJAX may allow an attacker to cause unhandled exceptions, leading to crashes of the hosting process. This can effectively result in denial of service for applications relying on the affected versions, impacting availability and user access.

Affected Version(s)

Telerik UI for ASP.NET AJAX 2011.2.712 < 2025.1.416

References

https://www.telerik.com/products/aspnet-ajax/documentatio...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
Apr 14, 2025

Credit

Piotr Bazydlo (@chudyPB) of watchTowr