CVE-2025-12509 - Vulnerability Details - OpenCVE

On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Bizerba Subscribe	Brain2 Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Bizerba Subscribe	Brain2 Subscribe

Advisories

No advisories yet.

Fixes

Solution

Update to version 3.07

Workaround

BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.

References

Link	Providers
https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf

History

Mon, 03 Nov 2025 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Bizerba Bizerba brain2
Vendors & Products		Bizerba Bizerba brain2

Fri, 31 Oct 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 31 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
Title		Scripts for the module Global_Shipping executable on BRAIN2 Server
Weaknesses		CWE-829
References		https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: bizerba

Published: 2025-10-31T15:51:25.120Z

Updated: 2025-10-31T17:43:51.160Z

Reserved: 2025-10-30T14:08:51.595Z

Link: CVE-2025-12509

Vulnrichment

Updated: 2025-10-31T17:43:47.773Z

NVD

Status : Awaiting Analysis

Published: 2025-10-31T16:15:39.750

Modified: 2025-11-04T15:41:31.450

Link: CVE-2025-12509

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-03T10:44:02Z

Weaknesses

CWE-829

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12509", "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6", "state": "PUBLISHED", "assignerShortName": "bizerba", "dateReserved": "2025-10-30T14:08:51.595Z", "datePublished": "2025-10-31T15:51:25.120Z", "dateUpdated": "2025-10-31T17:43:51.160Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "BRAIN2", "vendor": "Bizerba", "versions": [{"lessThan": "3.07", "status": "affected", "version": "0.0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*", "versionEndExcluding": "3.07", "versionStartIncluding": "0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."}], "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6", "shortName": "bizerba", "dateUpdated": "2025-10-31T15:51:25.120Z"}, "references": [{"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to version 3.07"}], "value": "Update to version 3.07"}], "source": {"advisory": "BIZERBA-SA-2025-0007", "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2025-10-30T23:00:00.000Z", "value": "Release of new version BRAIN2 3.07"}, {"lang": "en", "time": "2025-10-30T23:00:00.000Z", "value": "Publish Security Advisory"}], "title": "Scripts for the module Global_Shipping executable on BRAIN2 Server", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.<br>"}], "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts."}], "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-31T17:43:42.387454Z", "id": "CVE-2025-12509", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T17:43:51.160Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12509", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-31T17:43:42.387454Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T17:43:47.773Z"}}], "cna": {"title": "Scripts for the module Global_Shipping executable on BRAIN2 Server", "source": {"advisory": "BIZERBA-SA-2025-0007", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Bizerba", "product": "BRAIN2", "versions": [{"status": "affected", "version": "0.0", "lessThan": "3.07", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-10-30T23:00:00.000Z", "value": "Release of new version BRAIN2 3.07"}, {"lang": "en", "time": "2025-10-30T23:00:00.000Z", "value": "Publish Security Advisory"}], "solutions": [{"lang": "en", "value": "Update to version 3.07", "supportingMedia": [{"type": "text/html", "value": "Update to version 3.07", "base64": false}]}], "references": [{"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf"}], "workarounds": [{"lang": "en", "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.", "supportingMedia": [{"type": "text/html", "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.", "supportingMedia": [{"type": "text/html", "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.07", "versionStartIncluding": "0.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6", "shortName": "bizerba", "dateUpdated": "2025-10-31T15:51:25.120Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12509", "state": "PUBLISHED", "dateUpdated": "2025-10-31T17:43:51.160Z", "dateReserved": "2025-10-30T14:08:51.595Z", "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6", "datePublished": "2025-10-31T15:51:25.120Z", "assignerShortName": "bizerba"}, "dataVersion": "5.2"}