CVE-2025-58059: Valtimo scripting engine can be used to gain access to sensitive data or resources
Any admin who can create or modify process definitions and execute them could use the scripting engine to gain access to sensitive data or resources.
This includes, but is not limited to:
- Running executables on the application host
- Inspecting and extracting data from the host environment or application properties
- Accessing Spring beans (application context, database connection pooling)
References
- github.com/advisories/GHSA-w48j-pp7j-fj55
- github.com/valtimo-platform/valtimo-backend-libraries
- github.com/valtimo-platform/valtimo-backend-libraries/commit/45eb60b0b2df5964fb9917295d0dceb1fff8dd85
- github.com/valtimo-platform/valtimo-backend-libraries/security/advisories/GHSA-w48j-pp7j-fj55
- nvd.nist.gov/vuln/detail/CVE-2025-58059