Unsafe Reflection Vulnerability in Progress Telerik UI for AJAX
CVE-2025-3600

7.5 HIGH

Key Information:

Vendor:
Progress
CVE Published:
14 May 2025

Badges:
Trended (score: 3,170), Exploit Exists, News Worthy

What is CVE-2025-3600?

CVE-2025-3600 is a vulnerability in Progress Telerik UI for ASP.NET AJAX, a component framework used to build rich web applications and user interfaces. It stems from unsafe reflection (attacker-influenced type resolution and instantiation) in versions 2011.2.712 through 2025.1.218. The unsafe reflection can raise unhandled exceptions that crash the hosting process, so an unauthenticated attacker with network access to an affected application (CVSS AV:N, PR:N) can cause a denial of service (DoS) for every application served by that process. Organizations running Telerik UI for ASP.NET AJAX should upgrade to 2025.1.416 or later, the first release that contains the fix.
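To make the class of bug concrete, the following C# is an added, generic illustration of unsafe reflection (CWE-470) in .NET. It is not Telerik's code and does not reproduce the CVE-2025-3600 code path; the type names, the `typeNameFromRequest` parameter and the request shape are assumptions made for the demo. It shows the vulnerable pattern (a type name taken from request data and handed to `Type.GetType` and `Activator.CreateInstance`) beside a hardened form that maps a fixed key to a factory so that attacker input never reaches type resolution.

```csharp
// Added, generic illustration of CWE-470 (unsafe reflection) in .NET.
// NOT Telerik's code and NOT the CVE-2025-3600 code path; names below are
// assumptions for the demo.
using System;
using System.Collections.Generic;

public sealed class ViewStateItem
{
    public string Value { get; set; } = "";
}

public static class ReflectionDemo
{
    // Vulnerable pattern: the type to instantiate comes from request data.
    // Type.GetType(..., throwOnError: true) throws TypeLoadException or
    // FileNotFoundException for names it cannot resolve; Activator.CreateInstance
    // throws MissingMethodException (no public parameterless ctor) or
    // TargetInvocationException (the ctor threw). If any of these escape a
    // place the framework does not guard, the worker process sees an unhandled
    // exception. And when resolution succeeds, the constructor of whatever type
    // the attacker named actually runs.
    public static object CreateFromRequest(string typeNameFromRequest)
    {
        Type t = Type.GetType(typeNameFromRequest, throwOnError: true);
        return Activator.CreateInstance(t);
    }

    // Hardened pattern: a short, fixed key selects a factory. Attacker input
    // never reaches Type.GetType, unknown keys are rejected without throwing,
    // and no constructor of an attacker-chosen type ever executes.
    private static readonly Dictionary<string, Func<object>> Allowed =
        new Dictionary<string, Func<object>>(StringComparer.Ordinal)
        {
            ["ViewStateItem"] = () => new ViewStateItem(),
        };

    public static bool TryCreateFromRequest(string key, out object instance)
    {
        if (key != null && Allowed.TryGetValue(key, out Func<object> factory))
        {
            instance = factory();
            return true;
        }
        instance = null;
        return false;
    }

    public static void Main()
    {
        // Allowlisted key (constructed input): created.
        Console.WriteLine(TryCreateFromRequest("ViewStateItem", out object ok)
            ? "created " + ok.GetType().Name
            : "rejected");

        // Arbitrary framework type (constructed attacker input): rejected, no exception.
        Console.WriteLine(TryCreateFromRequest("System.Diagnostics.Process", out _)
            ? "created"
            : "rejected");

        // Unresolvable name (constructed attacker input) through the vulnerable
        // path: the exception is now the caller's problem.
        try
        {
            CreateFromRequest("Not.A.Real.Type, NotAnAssembly");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.GetType().Name + ": " + e.Message);
        }
    }
}
```

The relevant .NET behaviour for the DoS outcome the page describes is that an exception which escapes onto a thread outside the request pipeline (thread-pool work items, timers) is not caught by ASP.NET's per-request error handling and terminates the worker process, taking every application hosted in it down until the process is restarted. The allowlist removes the attacker-controlled resolution step entirely rather than trying to catch each exception type; for the actual product the remediation is the vendor's fixed release (2025.1.416 or later).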

Potential Impact of CVE-2025-3600

  1. Denial of Service (DoS): The vulnerability allows an attacker to exploit unsafe reflection, leading to unhandled exceptions that can crash the application, rendering it unavailable to legitimate users.

  2. Operational Disruption: The forced downtime of affected applications may disrupt business operations, causing delays in service delivery and loss of productivity, which could negatively impact customer relationships.

  3. Reputational Damage: Organizations affected by this vulnerability may suffer damage to their reputation due to service outages, leading to diminished trust among clients and stakeholders, potentially affecting future business opportunities.

Affected Version(s)

Telerik UI for ASP.NET AJAX 2011.2.712 through 2025.1.218 (all versions < 2025.1.416; fixed in 2025.1.416)

News Articles

Critical Telerik UI Flaw Puts Millions of Enterprise Applications at Risk

CVE-2025-3600 affects 14 years of Telerik UI releases, enabling DoS attacks and potential RCE.


More Than DoS (Progress Telerik UI for ASP.NET AJAX Unsafe Reflection CVE-2025-3600)

Welcome back. We’re excited to yet again publish memes under the guise of research and inevitably receive hate mail. But today, we’ll be doing something slightly different to normal. “Wow, watchTowr, will you actually be publishing useful information instead of memes?” Today, instead of pulling ap...


CVSS V3.1

Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability started trending

  • Exploit known to exist

  • First article discovered (watchTowr Labs)

  • Vulnerability published (14 May 2025)

  • Vulnerability reserved

Credit

Piotr Bazydlo (@chudyPB) of watchTowr