The following table lists the changes that have been made to the
CVE-2025-54466 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.
Aug. 15, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | Improper Control of Generation of Code (‘Code Injection’) vulnerability leading to a possible RCE in Apache OFBiz scrum plugin.
This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue. |
|
| Added | CWE | CWE-94 | |
| Added | Reference | https://issues.apache.org/jira/browse/OFBIZ-13276 | |
| Added | Reference | https://lists.apache.org/thread/14d0yd9co9gx2mctd3vyz1cc8d39n915 | |
| Added | Reference | https://ofbiz.apache.org/download.html | |
| Added | Reference | https://ofbiz.apache.org/release-notes-24.09.02.html | |
| Added | Reference | https://ofbiz.apache.org/security.html |
CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –
CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
