High severity7.3NVD Advisory· Published Apr 22, 2025· Updated Apr 15, 2026

CVE-2025-43948

Description

Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier (such as for sorting), which will get executed on the server side.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

de.linkedin.com/company/codemersnvd
github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43948nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000