Security Advisories

Last modified: November 17, 2025

Introduction

Mendix publishes security advisories by leveraging Siemens ProductCERT, which is a dedicated team of seasoned security experts that manages the receipt, investigation, internal coordination, and public reporting of security issues related to Siemens products, solutions, and services.

For security vulnerabilities described in the Studio Pro release notes, Mendix adds the CVSS score and CVSS vector, and adds the Mendix-specific CVE IDs once they have been assigned. The table below lists only the CVSS v3.1 base score; the linked Siemens Security Advisory (SSA) carries the full vector, the affected versions, and the remediation steps, so consult it before deciding whether and how urgently an application needs to be patched.

Security Advisory Details

| CVE ID | CVSS v3.1 Base Score | Siemens Security Advisory (SSA) Description | Notes |
|---|---|---|---|
| CVE-2025-40834 | 5.7 | Cross-Site Scripting Vulnerability in Mendix Rich Text Widget | See the SSA description for remediation details. |
| CVE-2025-40758 | 8.7 | Account Hijacking Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2025-40592 | 6.1 | Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process | See the SSA description for remediation details. |
| CVE-2025-40571 | 2.2 | Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module | See the SSA description for remediation details. |
| CVE-2025-30280 | 5.3 | Entity Enumeration Vulnerability in Mendix Runtime | See the SSA description for remediation details. |
| CVE-2024-50313 | 5.3 | Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime | See the SSA description for remediation details. |
| CVE-2024-56841 | 7.4 | LDAP Injection Vulnerability in Mendix LDAP Module | See the SSA description for remediation details. |
| CVE-2024-39888 | 7.5 | Hard-coded Default Encryption Key in Mendix Encryption Module v10.0.0 and v10.0.1 | See the SSA description for remediation details. |
| CVE-2024-33500 | 5.9 | Improper Privilege Management Vulnerability in Mendix Runtime | See the SSA description for remediation details. |
| CVE-2023-49069 | 5.3 | Usernames Disclosure Vulnerability in Mendix Runtime | See the SSA description for remediation details. |
| CVE-2023-4863 | 7.5 | Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro | See the SSA description for remediation details. |
| CVE-2023-45794 | 6.8 | Privilege Escalation Vulnerability in Mendix Runtime | See the SSA description for remediation details. |
| CVE-2023-43623 | 5.3 | User Enumeration Vulnerability in Mendix Forgot Password Module | See the SSA description for remediation details. |
| CVE-2023-29129 | 9.1 | Authentication Bypass Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2023-25957 | 9.1 | Authentication Bypass Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2023-27464 | 5.3 | Observable Response Discrepancy in Mendix Forgot Password Module | See the SSA description for remediation details. |
| CVE-2023-23835 | 5.9 | XPath Constraint Vulnerability in Mendix Runtime | See the SSA description for remediation details. |
| CVE-2022-46823 | 9.3 | Cross-Site Scripting Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2022-46664 | 8.1 | Improper Access Control Vulnerability in Mendix Workflow Commons Module | See the SSA description for remediation details. |
| CVE-2022-45936 | 8.1 | Improper Access Control Vulnerability in Mendix Email Connector Module | See the SSA description for remediation details. |
| CVE-2022-44457 | 7.4 | Authentication Bypass Vulnerability in Mendix SAML | See the SSA description for remediation details. |
| CVE-2022-37011 | 7.4 | Authentication Bypass Vulnerability in Mendix SAML | See the SSA description for remediation details. |
| CVE-2022-34466 | 6.5 | Expression Injection Vulnerability in Mendix Applications | See the SSA description for remediation details. |
| CVE-2022-31257 | 4.9 | Improper Access Control Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2022-34467 | 6.5 | XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module | See the SSA description for remediation details. |
| CVE-2022-32285 | 8.3 | Privilege Escalation Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2022-32286 | 7.6 | Privilege Escalation Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2022-25650 | 3.1 | Improper Access Control Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2022-27241 | 5.3 | Information Disclosure Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2022-26313 | 9.1 | Vulnerability in Mendix Forgot Password Marketplace Module | See the SSA description for remediation details. |
| CVE-2022-26314 | 7.4 | Vulnerability in Mendix Forgot Password Marketplace Module | See the SSA description for remediation details. |
| CVE-2022-24309 | 5.9 | XPath Constraint Vulnerability in Mendix Runtime | See the SSA description for remediation details. |
| CVE-2022-26317 | 7.7 | Improper Access Control Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2021-42015 | 4.0 | Information Disclosure Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2021-42025 | 5.3 | Two Incorrect Authorization Vulnerabilities in Mendix | See the SSA description for remediation details. |
| CVE-2021-42026 | 3.1 | Two Incorrect Authorization Vulnerabilities in Mendix | See the SSA description for remediation details. |
| CVE-2021-33718 | 5.3 | Access Check Bypass Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2021-33712 | 8.1 | Privilege Escalation Vulnerability in Mendix SAML Module | See the SSA description for remediation details. |
| CVE-2021-31339 | 4.3 | Information Disclosure Vulnerability in Mendix Excel Importer Module | See the SSA description for remediation details. |
| CVE-2021-31341 | 4.3 | Information Disclosure Vulnerability in Mendix Database Replication Module | See the SSA description for remediation details. |
| CVE-2021-27394 | 8.1 | Privilege Escalation Vulnerability in Mendix | See the SSA description for remediation details. |
| CVE-2021-25672 | 6.8 | Mendix Forgot Password App Store Module | See the SSA description for remediation details. |

More Information