Remote Code Execution Vulnerability in Cap Collectif Online Decision-Making Platform
CVE-2025-47292
9.5CRITICAL
What is CVE-2025-47292?
Cap Collectif, an online decision-making platform, has a security flaw in its DebateAlternateArgumentsResolver which allows for the deserialization of a Cursor object. This vulnerability is particularly critical as it permits unauthenticated users to control any classes, potentially leading to unauthorized remote code execution. This issue highlights the importance of secure coding practices and the need for robust authentication mechanisms to protect sensitive functionalities in web applications. A fix was implemented in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.
Affected Version(s)
cap-collectif < 812f2a7d271b76deab1175bdaf2be0b8102dd198
