CVE-2025-63690
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-12-08

Assigner: MITRE

Description
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, the eval method in Tomcat's built-in class jakarta.el.ELProcessor can be used to execute commands, leading to a remote code execution vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-07
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-11-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-63690
EUVD
EUVD-2025-38290
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pig4cloud pig to 3.8.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-470 The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in pig-mesh Pig versions 3.8.2 and below. It occurs in the Quartz management function under the system management module when setting up scheduled tasks. An attacker can exploit this by executing any Java class that has a parameterless constructor and methods with a String parameter type through reflection. Specifically, the eval method in Tomcat's built-in class jakarta.el.ELProcessor can be used to execute arbitrary commands, resulting in remote code execution.

Impact Analysis

This vulnerability can allow an attacker to remotely execute arbitrary code on the affected system. This means the attacker could potentially take full control of the system, execute malicious commands, access sensitive data, disrupt services, or use the system as a foothold for further attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63690. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart