Executive Summary

CVE-2026-25614 is a security vulnerability affecting Blesta versions 3.0.0 through 5.13.1. It involves object injection flaws, specifically identified as CORE-5680 among others. Object injection vulnerabilities allow an attacker to manipulate serialized objects, potentially leading to unauthorized actions within the application.

This vulnerability can be exploited remotely under certain conditions, which may lead to remote code execution, a critical security issue.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can have a critical impact, including the possibility of remote code execution. This means an attacker could execute arbitrary code on the affected system, potentially gaining control over the server running Blesta.

Such an exploit could lead to data breaches, unauthorized access to sensitive information, disruption of services, and compromise of the entire hosting environment.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the vulnerability in Blesta versions 3.x through 5.x before 5.13.3, users should upgrade to version 5.13.3 or apply the appropriate patches for their specific minor versions.

• Upgrade to Blesta version 5.13.3 if running versions between 3.0 and 5.10.
• Apply the 5.13.3 patch if running version 5.13.x.
• Apply the 5.12.4 patch if running version 5.12.x.
• Apply the 5.11.5 patch if running version 5.11.x.

If immediate upgrading is not possible, update the 2Checkout payment gateway to its latest version from GitHub as a mitigation step.

Before upgrading, back up all files and databases, and after installation, run the /admin/upgrade script.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

I don't know

Useful 0 Not Useful 0