CRITICAL🇵🇱 Wersja polska

CVE-2025-3322

CVSS 10.0v4.0pub. 2025-06-06upd. 2026-04-15

An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.

🤖 AI Analysis
How it works

Attacker can remotely supply crafted input data that is not properly neutralized before being passed to the expression language mechanism. Lack of proper validation and sanitization of this data allows injection and execution of arbitrary expressions on the server side. The attack does not require authentication, user interaction, or fulfillment of any special conditions, making it trivial to carry out.

Impact

Attacker gains the ability to remotely execute arbitrary code with the highest privileges on the vulnerable server, leading to complete system takeover, data breach, and potential impact on the network environment.

Mitigation & patch

Apply patches available from the manufacturer according to references published at https://www.bbraun.com/productsecurity

Who is affected

B. Braun products — specific versions indicated in manufacturer references (https://www.bbraun.com/productsecurity)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References