How severe is CVE-2025-27107?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-27107?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-27107

HIGH Year: 2025

Weakness Type

CWE-74

View all →

Vulnerability Description

Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods. This vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue.

CVE-2020-26282

CRITICAL

CVSS:10.0(Critical)

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it i...

CWE-742020

CVE-2022-24760

CRITICAL

CVSS:10.0(Critical)

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the...

CWE-742022

CVE-2023-1523

CRITICAL

CVSS:10.0(Critical)

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap...

CWE-742023

CVE-2023-22527

CRITICAL

CVSS:10.0(Critical)

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version...

CWE-742023

CVE-2023-30547

CRITICAL

CVSS:10.0(Critical)

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to ra...

CWE-742023

CVE-2023-32314

CRITICAL

CVSS:10.0(Critical)

vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a h...

CWE-742023

CVE-2025-27107

Vulnerability Description

Related Vulnerabilities

CVE-2020-26282

CVE-2022-24760

CVE-2023-1523

CVE-2023-22527

CVE-2023-30547

CVE-2023-32314