CVE-2010-20120 HIGH

CVE-2010-20120: Maple <= v13 Maplet File Creation and Command Execution

Vendor Maplesoft
Product Maple
Weakness CWE-94 · Code injection
Published August 21, 2025
Last update May 15, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

Key dates

02Disclosure timeline

August 21, 2025 CVE published
May 15, 2026 Record updated