LogicalDOC Automation Scripting Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Automation Scripting feature of the LogicalDOC document management system. This issue allows attackers to execute arbitrary system commands on the operating system hosting the LogicalDOC web server. The vulnerability affects both the Community and Enterprise editions of LogicalDOC, specifically in version 8.9.3. Exploiting this vulnerability requires an account with administrator privileges or explicit access to Automation Scripting.

Impact

Exploitation of this vulnerability would enable an attacker to execute commands of their choice on the operating system of the web server running LogicalDOC.

Remediation

This vulnerability has been addressed in LogicalDOC Community and Enterprise Editions version 9.1.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 10.0
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.