Unrated severityNVD Advisory· Published Nov 7, 2025· Updated Nov 7, 2025
CVE-2025-63690
CVE-2025-63690
Description
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, the eval method in Tomcat's built-in class jakarta.el.ELProcessor can be used to execute commands, leading to a remote code execution vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- pig-mesh/pig-mesh Pigdescription
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.