From 0c8dbbb31b1ad37c8243b68c48744dd9bc8597cb Mon Sep 17 00:00:00 2001 From: Lance McCarthy Date: Wed, 14 May 2025 09:28:32 -0400 Subject: [PATCH 1/2] Update kb-security-unsafe-reflection-cve-2025-3600.md --- .../kb-security-unsafe-reflection-cve-2025-3600.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md b/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md index 56b38cb2e..9ba43eb4b 100644 --- a/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md +++ b/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md @@ -25,7 +25,7 @@ We have addressed the issue and the Progress Telerik team strongly recommends pe | Current Version | Update to | |-----------------|----------| -| `>= v2011.2712` && `<= v2025.1.218` (2025 Q1 SP1) | `>= v2025.1.416` (2025 Q1 SP2) | +| `>= v2011.2.712` && `<= v2025.1.218` (2025 Q1 SP1) | `>= v2025.1.416` (2025 Q1 SP2) | Follow the [update instructions]({%slug introduction/installation/upgrading-instructions/upgrading-a-trial-to-a-developer-license-or-to-a-newer-version%}) for precise instructions. All customers who have a license for UI for AJAX can access the downloads here [Product Downloads | Your Account](https://www.telerik.com/account/downloads/product-download). 
@@ -232,6 +232,6 @@ This approach inspects the incoming request and blocks traffic to the affected e **CVSS:** 7.5 -In Progress® Telerik® UI for AJAX, versions 2011.2712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. +In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. -Discoverer Credit: Piotr Bazydlo (@chudyPB) of watchTowr \ No newline at end of file +Discoverer Credit: Piotr Bazydlo (@chudyPB) of watchTowr From cb6194dca049d0d3398590e851281f09f51b79ef Mon Sep 17 00:00:00 2001 From: Lance McCarthy Date: Wed, 14 May 2025 09:54:58 -0400 Subject: [PATCH 2/2] Update kb-security-unsafe-reflection-cve-2025-3600.md --- knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md b/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md index 9ba43eb4b..828cb8b82 100644 --- a/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md +++ b/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md 
@@ -13,7 +13,7 @@ Product Alert – May 2025 - [CVE-2025-3600](https://www.cve.org/CVERecord?id=CV ### What Are the Impacts -In Progress® Telerik® UI for AJAX, versions 2011.2712 to 2025.1.218, an attacker can send a specially crafted request that triggers an unsafe reflection vulnerability. This causes an unhandled exception resulting in a crash of the hosting process, leading to denial of service while the application is restarting. +In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an attacker can send a specially crafted request that triggers an unsafe reflection vulnerability. This causes an unhandled exception resulting in a crash of the hosting process, leading to denial of service while the application is restarting. ## Issue
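Review bot: In [PATCH 1/2], hunk `@@ -25,7 +25,7 @@`, the corrected table row still writes the affected range as two code spans joined by `&&` and prefixes each version with `v`, while the prose lines touched elsewhere in this series write the same bound as plain `2011.2.712`. For an advisory that customers use to decide whether they are affected, one notation throughout is easier to match against an installed assembly version. Consider writing the cell as a plain range (for example "2011.2.712 through 2025.1.218") and either dropping the `v` prefix here or adding it in the prose.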
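Review bot: In [PATCH 1/2], hunk `@@ -232,6 +232,6 @@`, the lower bound is corrected in the CVE description, but the "What Are the Impacts" paragraph at line 13 keeps `2011.2712` until [PATCH 2/2]. With only this commit applied, the article states two different lower bounds for the same CVE. Suggest squashing 2/2 into this commit so the version correction lands atomically. The added end-of-file newline after the discoverer credit is fine to keep in the same change.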
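Review bot: In [PATCH 2/2], hunk `@@ -13,7 +13,7 @@`, this is the third copy of the same version string to be corrected, and the commit subject is identical to 1/2 ("Update kb-security-unsafe-reflection-cve-2025-3600.md"), so the history does not say what changed or why. Suggest a subject that names the fix, such as "Correct affected lower bound to 2011.2.712", and a search of the file for any remaining `2011.2712` before merging, since the diff context shown here does not cover the rest of the article.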