Platform
java
Component
org.dromara.warm:warm-flow-plugin-modes-sb
Fixed in
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.5
CVE-2026-6125 represents a code injection vulnerability found within the Dromara warm-flow plugin, specifically impacting the Workflow Definition Handler component. Attackers can exploit this flaw by manipulating arguments like listenerPath, skipCondition, and permissionFlag, leading to potentially unauthorized code execution. This vulnerability affects versions of the plugin up to and including 1.8.4, but a patch is available in version 1.8.5.
A critical security vulnerability has been discovered in Dromara warm-flow versions up to 1.8.4 (CVE-2026-6125). This vulnerability, rated with a CVSS score of 6.3, resides within the SpelHelper.parseExpression function of the /warm-flow/save-json file, within the 'Workflow Definition Handler' component. A remote attacker can exploit this flaw by manipulating the listenerPath, skipCondition, or permissionFlag arguments, resulting in code injection. The severity of this vulnerability is heightened by the fact that the exploit has been publicly released and is available for use, significantly increasing the risk of active attacks. Code injection can allow an attacker to execute arbitrary commands on the system, compromising the confidentiality, integrity, and availability of data.
The vulnerability is exploited through the manipulation of input arguments to the SpelHelper.parseExpression function. An attacker can send malicious data through the user interface or via an API, which is then processed by the vulnerable function. The lack of proper validation or sanitization of these arguments allows for code injection, which can be used to execute arbitrary commands on the server. The public availability of the exploit facilitates exploitation by attackers with varying levels of technical skill. Monitoring system logs for known attack patterns and taking preventative measures to block malicious traffic is recommended.
Exploit Status
EPSS
0.05% (15% percentile)
CISA SSVC
CVSS Vector
The immediate recommended mitigation is to upgrade Dromara warm-flow to version 1.8.5 or higher. This version contains a fix that directly addresses the code injection vulnerability. While performing the upgrade, it is recommended to implement additional security measures, such as restricting access to the SpelHelper.parseExpression function and monitoring the system for suspicious activity. It is crucial to review and strengthen security policies to prevent future similar attacks. Furthermore, a vulnerability assessment should be conducted to identify and remediate any other potential weaknesses in the system. The upgrade should be prioritized to minimize the risk of exploitation.
Update the warm-flow library to a patched version. The vulnerability allows code injection through manipulation of arguments in the SpelHelper.parseExpression function. Refer to the vendor's documentation for specific upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for a security vulnerability in Dromara warm-flow.
It's a type of attack where an attacker inserts malicious code into an application, which is then executed on the server.
If you are using a version of Dromara warm-flow older than 1.8.5, you are vulnerable.
Implement additional security measures, such as restricting access and monitoring the system.
Consult the official Dromara warm-flow documentation and related security advisories.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your pom.xml file and we'll tell you instantly if you're affected.