CVE-2025-3322: Improper Neutralization of Special Elements in OnlineSuite

10.0 CVSS

Description

Improper neutralization of input used in an expression
language statement allows remote code execution with the highest privileges on the
server.

Classification

CVE ID: CVE-2025-3322

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem Types

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Affected Products

Vendor: B. Braun Melsungen AG

Product: OnlineSuite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.45% (probability of being exploited)

EPSS Percentile: 62.55% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-07 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3322
https://www.bbraun.com/productsecurity

Timeline