CVE-2025-70046
Inclusion of Untrusted Functionality in Miazzy oa-front-service
Publication date: 2026-03-09
Last updated on: 2026-03-13
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| miazzy | oa-font-service | master |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70046 is a vulnerability in the oa-front-service software where functionality from an untrusted control sphere can be included. This means the software improperly validates or controls the sources from which it includes functionality, potentially allowing malicious code or unauthorized actions to be executed within the system.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious code or perform unauthorized actions within the affected system. Because the software includes functionality from untrusted sources without proper validation, it exposes the system to potential security risks such as data compromise, system manipulation, or disruption of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability CVE-2025-70046 involves the inclusion of functionality from an untrusted control sphere in the oa-front-service software. Detection would require inspecting the source or runtime environment for unauthorized or untrusted code inclusions or executions.
No specific detection commands or network/system scanning methods are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability arises from improper validation or control over sources from which functionality is included, allowing potential execution of malicious code.
Immediate mitigation steps would generally include reviewing and restricting the sources of included functionality in the oa-front-service, ensuring only trusted code is executed, and applying any available patches or updates from the software maintainers.
No explicit mitigation instructions or commands are provided in the available resources.