VYPR
Medium severity5.3NVD Advisory· Published Apr 8, 2025· Updated Apr 15, 2026

CVE-2025-30280

CVE-2025-30280

Description

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions < V8.18.35), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mendix/Runtimeinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: V10 < 10.21.0, V10.12 < 10.12.16, V10.18 < 10.18.5, V10.6 < 10.6.22, V8 < 8.18.35, V9 < 9.24.34

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.