CVE-2022-25767: Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console

Severity: Critical

CVSS Score: 9.8

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.