CVE-2025-67031

EUVD-2025-209885
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval() call inside tagsets/participant.php and tagsets/options.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://github.com/orsee/orsee/archive/refs/tags/orsee_3.1.0.zip
https://medium.com/@erabhishekshroti/cve-2025-67031-remote-code-execution-in-orsee-3-1-0-2bfc71d6d5eb