
467 matches found

Cvelist
added 2025/08/14 3:6 p.m. · 5 views

CVE-2025-40758

A vulnerability has been identified in Mendix SAML Mendix 10.12 compatible All versions V4.0.3, Mendix SAML Mendix 10.21 compatible All versions V4.1.2, Mendix SAML Mendix 9.24 compatible All versions V3.6.21. Affected versions of the module insufficiently enforce signature validation and binding...

8.7 CVSS · 0.0002 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 2 views

PT-2025-33297 · Mendix · Mendix Saml

Name of the Vulnerable Software and Affected Versions: Mendix SAML Mendix 10.12 compatible versions prior to 4.0.3 Mendix SAML Mendix 10.21 compatible versions prior to 4.1.2 Mendix SAML Mendix 9.24 compatible versions prior to 3.6.21 Description: The Mendix SAML module insufficiently enforces...

8.7 CVSS · 7.4 AI score · 0.0002 EPSS
Exploits 0 · References 4
CNNVD
added 2025/08/14 12:0 a.m. · 1 views

Siemens Mendix SAML Data Forgery Vulnerability

Siemens Mendix SAML is an authentication module provided by the Siemens Mendix platform for single sign-on SSO functionality. An account hijacking vulnerability exists in Siemens Mendix SAML, which stems from insufficient signature verification and binding checks, and can be exploited by an...

8.7 CVSS · 7 AI score · 0.0002 EPSS
Exploits 0 · References 2
ICS
added 2025/08/14 12:0 a.m. · 7 views

Siemens Mendix SAML Module

SUMMARY Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...

8.2 CVSS · 7.4 AI score · 0.00069 EPSS
Exploits 0 · References 10
CISA
added 2025/06/17 12:0 p.m. · 2 views

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on June 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-168-01 Siemens Mendix Studio Pro ICSA-25-168-02 LS Electric GMWin 4 ICSA-25-168-04 Fuji...

7 AI score
Exploits 0 · References 5
NVD
added 2025/06/12 8:15 a.m. · 7 views

CVE-2025-40592

A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...

6.1 CVSS · 0.00218 EPSS
Exploits 0 · References 1
Cvelist
added 2025/06/12 8:5 a.m. · 11 views

CVE-2025-40592

A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...

6.1 CVSS · 0.00218 EPSS
Exploits 0 · References 1
CVE
added 2025/06/12 8:5 a.m. · 35 views

CVE-2025-40592

CVE-2025-40592 describes a zip path traversal in the Mendix Studio Pro module installation process. The vulnerability affects Mendix Studio Pro versions prior to: 8.18.35, 9.24.35, 10.6.24, 10.12.17, 10.18.7, and 10.23.0, with all versions of 11 affected. By crafting a malicious module (e.g., via...

6.1 CVSS · 6.4 AI score · 0.00218 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/12 8:5 a.m. · 2 views

CVE-2025-40592

A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...

6.1 CVSS · 6.4 AI score · 0.00218 EPSS
Exploits 0 · References 1
ICS
added 2025/06/12 12:0 a.m. · 2 views

Siemens Mendix Studio Pro

SUMMARY Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project directory. Siemens has released new versions for several affected products and recommends to update...

6.1 CVSS · 6.6 AI score · 0.00218 EPSS
Exploits 0 · References 10
CNNVD
added 2025/06/12 12:0 a.m. · 0 views

Mendix Studio Pro Path Traversal Vulnerability

Mendix Studio Pro is a visual model-driven IDE from Mendix USA. A path traversal vulnerability exists in Mendix Studio Pro that originates from zip path traversal during module installation and could lead to arbitrary file writes or modifications. The following versions are affected: versions pri...

6.1 CVSS · 6.5 AI score · 0.00218 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/06/12 12:0 a.m. · 1 views

PT-2025-25283 · Mendix · Mendix Studio Pro

Name of the Vulnerable Software and Affected Versions: Mendix Studio Pro versions prior to 8.18.35 Mendix Studio Pro versions prior to 9.24.35 Mendix Studio Pro versions prior to 10.6.24 Mendix Studio Pro versions prior to 10.12.17 Mendix Studio Pro versions prior to 10.18.7 Mendix Studio Pro...

6.1 CVSS · 6.5 AI score · 0.00218 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 8:51 a.m. · 4 views

CVE-2024-33500

A vulnerability has been identified in Mendix Applications using Mendix 10 All versions = V9.3.0 V9.24.22. Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a targe...

7.4 CVSS · 6.6 AI score · 0.00187 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 6:28 a.m. · 5 views

CVE-2024-50313

A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...

6.9 CVSS · 5.2 AI score · 0.00561 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:19 a.m. · 2 views

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.34, Mendix Applications using Mendix 8 All versions V8.18.23, Mendix Applications using Mendix 9 All versions V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.10, Mendix Applications...

7.5 CVSS · 6.7 AI score · 0.00265 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:16 a.m. · 1 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

5.3 CVSS · 6.8 AI score · 0.00363 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:21 a.m. · 7 views

CVE-2023-45794

A vulnerability has been identified in Mendix Applications using Mendix 10 All versions V10.4.0, Mendix Applications using Mendix 7 All versions V7.23.37, Mendix Applications using Mendix 8 All versions V8.18.27, Mendix Applications using Mendix 9 All versions V9.24.10. A capture-replay flaw in t...

8.1 CVSS · 6.8 AI score · 0.00206 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 1:23 a.m. · 4 views

CVE-2022-34466

A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...

6.5 CVSS · 6.5 AI score · 0.00707 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 1:8 a.m. · 3 views

CVE-2022-24309

A vulnerability has been identified in Mendix Runtime V7 All versions V7.23.29, Mendix Runtime V8 All versions V8.18.16, Mendix Runtime V9 All versions V9.13 only with Runtime Custom Setting DataStorage.UseNewQueryHandler set to False. If an entity has an association readable by the user, then in...

8.1 CVSS · 6.6 AI score · 0.00164 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:47 a.m. · 4 views

CVE-2022-31257

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.31, Mendix Applications using Mendix 8 All versions V8.18.18, Mendix Applications using Mendix 9 All versions V9.14.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.2, Mendix Applications...

7.5 CVSS · 6.8 AI score · 0.00195 EPSS
Exploits 0 · References 1