8 changes: 4 additions & 4 deletions knowledge-base/kb-security-unsafe-reflection-cve-2025-3600.md
Expand Up @@ -13,7 +13,7 @@ Product Alert – May 2025 - [CVE-2025-3600](https://www.cve.org/CVERecord?id=CV

### What Are the Impacts

In Progress® Telerik® UI for AJAX, versions 2011.2712 to 2025.1.218, an attacker can send a specially crafted request that triggers an unsafe reflection vulnerability. This causes an unhandled exception resulting in a crash of the hosting process, leading to denial of service while the application is restarting.
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an attacker can send a specially crafted request that triggers an unsafe reflection vulnerability. This causes an unhandled exception resulting in a crash of the hosting process, leading to denial of service while the application is restarting.

## Issue

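Review bot: The corrected range in the "What Are the Impacts" sentence still reads "versions 2011.2.712 to 2025.1.218", which does not say whether the endpoints are included. The table further down uses `>=` and `<=`, so consider "versions 2011.2.712 through 2025.1.218 (inclusive)" here, so that someone running exactly 2025.1.218 does not conclude they are outside the affected range.
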
Expand All @@ -25,7 +25,7 @@ We have addressed the issue and the Progress Telerik team strongly recommends pe

| Current Version | Update to |
|-----------------|----------|
| `>= v2011.2712` && `<= v2025.1.218` (2025 Q1 SP1) | `>= v2025.1.416` (2025 Q1 SP2) |
| `>= v2011.2.712` && `<= v2025.1.218` (2025 Q1 SP1) | `>= v2025.1.416` (2025 Q1 SP2) |

Follow the [update instructions]({%slug introduction/installation/upgrading-instructions/upgrading-a-trial-to-a-developer-license-or-to-a-newer-version%}) for precise instructions. All customers who have a license for UI for AJAX can access the downloads here [Product Downloads | Your Account](https://www.telerik.com/account/downloads/product-download).

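Review bot: The "Current Version" cell writes the bounds as `v2011.2.712` and `v2025.1.218` with a "v" prefix, while the prose lines fixed elsewhere in this patch write the same versions without it. Since this commit is already correcting the version string, pick one form for the whole article so the values can be compared directly against the installed assembly version. The `&&` between the two code spans would also read better as "and", or with both bounds inside a single code span.
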
Expand Down Expand Up @@ -232,6 +232,6 @@ This approach inspects the incoming request and blocks traffic to the affected e

**CVSS:** 7.5

In Progress® Telerik® UI for AJAX, versions 2011.2712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.

Discoverer Credit: Piotr Bazydlo (@chudyPB) of watchTowr
Discoverer Credit: Piotr Bazydlo (@chudyPB) of watchTowr
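Review bot: The "Discoverer Credit" line at the end of this hunk is removed and re-added with text that reads identically, so the difference is presumably trailing whitespace or the end-of-file newline. Please confirm that it is intentional and mention it in the commit message, or drop it so the patch contains only the version fix. Separately, the CVE description in this hunk repeats the affected range from the Impacts section word for word, which is how the same typo had to be fixed in three places. A note in the file tying the three copies together would help keep them in sync on the next edit.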