Security Advisory, weiße Schrift auf dunklem Hintergrund

Security Advisories on Agorum Core Open

2. July 2025
News | Pentests & Security Analyses | Security Advisories | usd HeroLab

The pentest professionals at usd HeroLab examined Agorum Core Open during the execution of their pentests..

While analyzing the software Agorum Core, our analysts discovered multiple vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.

The vulnerabilities were reported to the vendor as part of the Responsible Disclosure Policy. Detailed information on the advisories can be found here:

IDProductVulnerability Type
usd-2025-0021Agorum Core OpenImproper Neutralization of Special Elements used in a Command (Command Injection) (CWE-77)
usd-2025-0022Agorum Core OpenAbsolute Path Traversal (CWE-36)
usd-2025-0023Agorum Core OpenPlaintext Storage of a Password (CWE-256)
usd-2025-0024Agorum Core OpenImproper Restriction of XML External Entity Reference (CWE-611)
usd-2025-0025Agorum Core OpenServer-Side Request Forgery (SSRF) (CWE-918)
usd-2025-0026Agorum Core OpenImproper Neutralization of Input During Web Page Generation (Cross-site Scripting) (CWE-79)
usd-2025-0027Agorum Core OpenAbsolute Path Traversal (CWE-36)
usd-2025-0028Agorum Core OpenIncorrect Authorization (CWE-863)
usd-2025-0029Agorum Core OpenDependency on Vulnerable Third-Party Component (CWE-1395)
usd-2025-0030Agorum Core OpenUnauthenticated Remote Code Execution

About usd HeroLab Security Advisories

In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.

We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues – always in line with our Responsible Disclosure Policy.

Always in the name of our mission: “more security.”

Agorum Core Open | Pentest | Pentesting | SECURITY ADVISORIES | SECURITY ADVISORY | Security Analysis | SECURITY RESEARCH

Also interesting:

Security Advisories on PRTG Network Monitor

Security Advisories on PRTG Network Monitor

Jan 23, 2026

The pentest professionals at usd HeroLab examined the PRTG Network Monitor web application as part of web application pentests and identified several vulnerabilities. Two vulnerabilities relate to cross-site scripting (XSS), which allows attackers to inject JavaScript...

PCI Secure Software Standard v2.0: What You Should Know

PCI Secure Software Standard v2.0: What You Should Know

Jan 20, 2026

On 15 January 2026, the PCI Security Standards Council (PCI SSC) released version 2.0 of the PCI Secure Software Standard. This is the first comprehensive revision since the introduction of the standard. Insight into the Key Changes The new version streamlines the...

Part-IS and ISO 27001: How to Leverage Synergies for Your Compliance

Part-IS and ISO 27001: How to Leverage Synergies for Your Compliance

Jan 14, 2026

On 22 February 2026, the EU Regulation Part-IS for aviation organizations will come into force. They must manage information security risks in a way that best protects civil aviation safety. Many already rely on an ISMS according to ISO 27001 – but is that enough for...

Categories

Categories

#BeAware Cloud Security Customer Stories  | Cyber Defence  |  Cybersecurity Tips  |  Events & Community Financial Sector & Compliance  |  Life@usd  |  News  |  PCI -Tipps  |  PCI News Pentest Insights  |  Security Audits  |  Security Research  |  usd Updates