Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Mescius ActiveReports.NET. The issue arises in the TypeResolutionService class, which does not properly validate user-supplied data, allowing deserialization of untrusted data. Exploitation requires interaction with the library, and the executed code runs in the context of the current process.

Impact

Exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system.

Remediation

The recommended mitigation strategy is to restrict interaction with the product.

Added: Jul 7, 2025, 3:18 PM
Updated: Jul 7, 2025, 3:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.