CVE Vulnerabilities

CVE-2025-3600

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Published: May 14, 2025 | Modified: Aug 27, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In ProgressĀ® TelerikĀ® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.

Weakness

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

Affected Software

Name Vendor Start Version End Version
Telerik_ui_for_asp.net_ajax Progress 2011.2712 (including) 2025.1.218 (including)

Potential Mitigations

References