rsbi-os Remote Code Execution Vulnerability in sqlite-jdbc

Vulnerability

A remote code execution vulnerability has been identified in rsbi-os version 4.7, specifically within the sqlite-jdbc component. The issue arises from a JDBC deserialization vulnerability that can be exploited by sending malicious responses from a MySQL server when the autoDeserialize option is enabled.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where rsbi-os is running.

Reproduction

To reproduce this vulnerability, upload a payload as a MySQL link using the JDBC deserialization vulnerability. Set the autoDeserialize parameter to true. After the payload is uploaded, the application will execute the payload, leading to remote code execution.
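
A server-side check for the condition described above, given as an added example that is not part of the original advisory or of the rsbi-os code base: it validates a user-supplied MySQL JDBC URL against an allowlist of driver properties before the URL reaches the driver, so autoDeserialize and any other unlisted property is refused. The class name JdbcUrlGuard, the method rejectReason, the choice of allowed properties and the host db.example.internal are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;

// Added example: allowlist validation for user-supplied MySQL JDBC URLs.
public class JdbcUrlGuard {
    private static final String PREFIX = "jdbc:mysql://";
    // Assumption: the only driver properties this deployment needs (lower-cased).
    private static final Set<String> ALLOWED =
            Set.of("usessl", "characterencoding", "servertimezone", "connecttimeout");

    /** Returns null when the URL is acceptable, otherwise the reason for refusing it. */
    public static String rejectReason(String url) {
        if (url == null || !url.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            return "not a jdbc:mysql:// URL";
        }
        // Property names must be compared literally, so encoded characters and
        // the driver's parenthesised host syntax are refused outright.
        if (url.indexOf('%') >= 0 || url.indexOf('(') >= 0 || url.indexOf(')') >= 0) {
            return "encoded or parenthesised syntax is not accepted";
        }
        int q = url.indexOf('?');
        if (q < 0) {
            return null; // no connection properties at all
        }
        for (String pair : url.substring(q + 1).split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            // Property names are matched case-insensitively.
            String key = pair.split("=", 2)[0].trim().toLowerCase(Locale.ROOT);
            if (!ALLOWED.contains(key)) {
                return "property not on allowlist: " + key;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; db.example.internal is a placeholder host.
        String[] samples = {
            "jdbc:mysql://db.example.internal:3306/report?useSSL=true&characterEncoding=utf8",
            "jdbc:mysql://db.example.internal:3306/report?autoDeserialize=true",
            "jdbc:mysql://db.example.internal:3306/report?useSSL=true&AutoDeserialize=TRUE",
            "jdbc:mysql://(host=db.example.internal,port=3306)/report"
        };
        for (String s : samples) {
            String reason = rejectReason(s);
            System.out.println(reason == null ? "ACCEPT " + s : "REJECT " + s + " [" + reason + "]");
        }
    }
}
```

An allowlist is used rather than a search for the single name autoDeserialize, so a property is refused unless it has been explicitly permitted.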

Added: Sep 8, 2025, 3:19 PM
Updated: Sep 8, 2025, 4:30 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.