CVE•Published 2023-03-27•Modified 2026-07-09•1 article on news•5 live references•NVD data
CVE-2023-25261Stimulsoft · Designer
Vulnerability data via NVD (ingested)
CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
82
Exploit Prediction Scoring System · top 18% of all CVEs
Weaknesses (CWE)
Description
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.
Timeline
Published 2023-03-27
Modified 2026-07-09
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2023-25261Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Stimulsoft Designer" version:"2023.1"Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Designer"HTTP body or banner mentions "Designer" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2023-25261Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2023-25261Censys host search filtered to this CVE id.
grep.app
CVE-2023-25261Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2023-25261GitHub code search for direct mentions.
Google dork
"CVE-2023-25261" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub
No public proof-of-concept repositories found for CVE-2023-25261 on GitHub.