CVE Catalog

CVE-2025-60229

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

CVE-2025-60229 is a vulnerability related to the deserialization of untrusted data in Themeton Lagom, allowing for object injection. This issue affects Lagom versions from n/a through 2.0.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to the system and potential takeover of the application. Organizations should be aware of the risks associated with object injection.

Recommendation

It is recommended to upgrade to the latest version of Lagom that addresses this vulnerability. A code audit should also be conducted to identify and secure areas where deserialization of untrusted data may occur.

Original NVD description (English source)

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS