CVE-2025-59713 MEDIUM

CVE-2025-59713

Vendor Snipeitapp

Product Snipe-IT

Weakness CWE-502 · Unsafe deserialization

Published September 19, 2025

Last update September 19, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Snipe-IT before 8.1.18 allows unsafe deserialization.

Key dates

02Disclosure timeline

September 19, 2025 CVE published

September 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59713 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2026-24656 Apache Karaf: Decanter log-socket collector has deserialization vulnerability CVE-2026-32509 WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability CVE-2024-1813 Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields CVE-2026-24976 WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability CVE-2023-5583 WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection