CVE-2025-4011
PUBLISHED
CVSS 9.3 CRITICAL
Redmine is a web-based project management application written in Ruby on Rails.
EPSS 0.23% · 46.5th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.23%
46.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redmine.org | Redmine | <5.0.12 |
| Redmine.org | Redmine | <6.0.4 |
| Redmine.org | Redmine | <5.1.7 |
Exploit Intelligence
- CIRCL seen: CVE-2025-4011 (circl-sighting)
- CIRCL seen: CVE-2025-4011 (circl-sighting)
- VDB-306364 | Redmine Custom Query cross site scripting (circl)
- VDB-306364 | CTI Indicators (IOB, IOC, TTP, IOA) (circl)
- Submit #558240 | Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation (circl)
- https://www.redmine.org/issues/42238 (circl)
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories (circl)
- https://www.redmine.org/versions/206 (circl)
Timeline
- Apr 28, 2025 EPSS Score
- Apr 28, 2025 Coalition ESS Score
- Apr 28, 2025 CVE Published
- Apr 28, 2025 PoC Published
- Apr 28, 2025 PoC Published
- Apr 29, 2025 Coalition ESS Score
- May 10, 2025 EPSS Score
- May 22, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
- Jun 27, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0899.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0899 advisory
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories advisory
- https://www.redmineadvisor.com/articles/6_0/redmine-6_0_4-released/ advisory