Description

PowSyBl (Power System Blocks) is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in an InputStream and returns a SparseMatrix object. This issue has been patched in com.powsybl:powsybl-math: 6.7.2. A workaround for this issue involves not using SparseMatrix deserialization (SparseMatrix.read(...) methods).

INFO

Published Date :

2025-06-19T23:41:41.357Z

Last Modified :

2025-06-20T15:55:29.328Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47771 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47771.

URL Resource
https://github.com/powsybl/powsybl-core/commit/8ed16ce41683c4aef5f6aa1dd5ae8642aa5ed2bd cve-icon cve-icon
https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2 cve-icon cve-icon
https://github.com/powsybl/powsybl-core/security/advisories/GHSA-f5cx-h789-j959 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability