Remote Code Execution Vulnerability in Cap Collectif Online Decision-Making Platform
CVE-2025-47292

9.5CRITICAL

Key Information:

Vendor
CVE Published:
14 May 2025

What is CVE-2025-47292?

Cap Collectif, an online decision-making platform, has a security flaw in its DebateAlternateArgumentsResolver which allows for the deserialization of a Cursor object. This vulnerability is particularly critical as it permits unauthenticated users to control any classes, potentially leading to unauthorized remote code execution. This issue highlights the importance of secure coding practices and the need for robust authentication mechanisms to protect sensitive functionalities in web applications. A fix was implemented in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.

Affected Version(s)

cap-collectif < 812f2a7d271b76deab1175bdaf2be0b8102dd198

References

CVSS V4

Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.