Description

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. This issue affects Rock Maker Web: from 3.2.1.1 and later

INFO

Published Date :

2025-04-21T05:27:06.090Z

Last Modified :

2025-04-28T02:49:47.566Z

Source :

MON-CSIRT
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0632 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0632.

URL Resource
https://formulatrix.com/downloads/apps/repository/rockmaker/RockMaker%20V3/3.18/3.18.4.7/RockMakerWeb_3.18.4.7_setup.exe cve-icon cve-icon
https://formulatrix.com/downloads/docs/cve/RockMaker/CVE-2025-0632_Security_Bulletin.pdf cve-icon cve-icon
https://www.formulatrix.com/downloads/apps/repository/rockmaker/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability