CVE-2025-59713

19.09.2025, 03:15

Snipe-IT before 8.1.18 allows unsafe deserialization.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.8 MEDIUM | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
| mitre | CNA | 6.8 MEDIUM | | | | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
| CISA-ADP | ADP | - | - | - | - | - |

EPSS Score Percentile: 3%

| Vendor | Product | Version |
|---|---|---|
| snipeitapp | snipe-it | 𝑥 < 8.1.18 |

𝑥 = Vulnerable software versions

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://github.com/grokability/snipe-it/releases/tag/v8.1.18