CVE-2025-5971319.09.2025, 03:15Snipe-IT before 8.1.18 allows unsafe deserialization.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.8 MEDIUMNETWORKHIGHLOWCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NmitreCNA6.8 MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: UnknownCommon Weakness EnumerationCWE-502 - Deserialization of Untrusted DataThe application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.Referenceshttps://github.com/grokability/snipe-it/releases/tag/v8.1.18