JEHC-BPM - Remote Code Execute

A Remote Command Execution vulnerability in the component /server/executeExec of JEHC-BPM = v2.0.1 allows attackers to execute arbitrary code. The vulnerability exists due to insufficient authorization checks in the executeExec endpoint which allows direct command execution. id: CVE-2025-45854...

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

EUVD-2025-16756

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVE-2025-45854

JEHC-BPM contains a Remote Code Execution vulnerability in the /server/executeExec endpoint. The issue affects JEHC-BPM

PT-2025-23631 · Jehc-Bpm · Jehc-Bpm

Name of the Vulnerable Software and Affected Versions: JEHC-BPM version 2.0.1 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file to the "/server/executeExec" API endpoint. This is due to an arbitrary file upload vulnerability in the component...

JEHC-BPM 安全漏洞

JEHC-BPM is a BPM open source platform for jehc individual developers. A security vulnerability exists in JEHC-BPM v2.0.1, which originates from an arbitrary file upload in the /server/executeExec component and could lead to arbitrary code execution...