Full Report
Mendix Studio Pro contains a vulnerability in the module installation process that could allow an attacker to write or modify arbitrary files in directories outside a developer's project directory. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Zip Path Traversal in Mendix Studio Pro Module Installation
## CVE Details
- **CVE ID:** CVE-2025-40592
- **CVSS Score:** 6.1 (Medium) - CVSS v3.1 / 4.6 (Medium) - CVSS v4.0
- **CWE:** CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## Affected Systems
- **Products:** Mendix Studio Pro (Low-code IDE)
- **Versions:**
- Mendix Studio Pro 8: All versions < V8.18.35
- Mendix Studio Pro 9: All versions < V9.24.35
- Mendix Studio Pro 10: All versions < V10.23.0
- Mendix Studio Pro 10.6: All versions < V10.6.24
- Mendix Studio Pro 10.12: All versions < V10.12.17
- Mendix Studio Pro 10.18: All versions < V10.18.7
- Mendix Studio Pro 11: All versions < V11.0.0
- **Configurations:** Systems where developers may download and install third-party modules (e.g., from the Mendix Marketplace).
## Vulnerability Description
A "Zip Slip" or Zip Path Traversal vulnerability exists within the module installation component of Mendix Studio Pro. When a developer installs a specially crafted module, the application fails to properly validate the file paths contained within the compressed archive before writing its entries to disk. An attacker can therefore give an archive entry a name containing "dot-dot-slash" (`../`) sequences so that, once joined onto the intended project directory, it resolves to a location outside that directory, and the installer writes or overwrites an arbitrary file on the developer's local file system with the privileges of the developer's account.
## Exploitation
- **Status:** Not exploited (no reports of active exploitation in the wild, and no public proof of concept is mentioned in the advisory).
- **Complexity:** High (the attacker must craft a malicious module and persuade a developer to install it).
- **Attack Vector:** Network (the malicious module is delivered remotely, e.g. via the Marketplace or as a downloaded file).
## Impact
- **Confidentiality:** None
- **Integrity:** High (Attacker can modify or create arbitrary files outside the project scope).
- **Availability:** None
## Remediation
### Patches
Siemens recommends upgrading to the following versions or later:
- **V8.18.35**
- **V9.24.35**
- **V10.23.0**
- **V10.6.24**
- **V10.12.17**
- **V10.18.7**
- **V11.0.0**
### Workarounds
- **Strict Module Sourcing:** Do not install modules from untrusted or unverified sources.
- **Project Isolation:** Run Studio Pro under a least-privileged user account so that a traversal cannot reach system directories. Note that this does not protect files the developer's own account can write (other projects, shell or IDE configuration files), so it reduces rather than removes the risk.
## Detection
- **Indicators of Compromise:** Unexpected new or modified files outside the standard Mendix project directories, particularly ones whose modification time coincides with a module installation.
- **Audit:** Review all modules currently installed in Studio Pro projects. Treat any module that originated from an untrusted source as suspicious: list the entries of its archive without extracting it and look for entry names containing `../` (or `..\`), absolute paths, or drive letters, all of which indicate an attempt to escape the project directory.
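The following is an added example for the mechanism described under Vulnerability Description and the audit step above; it is not code from Mendix Studio Pro, Mendix or Siemens, whose module installer is not published on this page. It builds a small malicious archive in memory (the entry names are constructed; no real `.mpk` layout is assumed), shows a naive extractor writing outside its target directory, a hardened extractor refusing the same archive, and an audit routine that flags traversal entries without extracting anything:

```python
"""Zip Slip: vulnerable extractor, hardened extractor and an archive auditor.

Added example, not Mendix or Siemens code. Entry names below are constructed.
"""
import io
import os
import tempfile
import zipfile

# Constructed sample archive: one benign entry plus two traversal entries.
MALICIOUS_ENTRIES = {
    "module/Model.txt": b"benign module content\n",
    "../outside.txt": b"lands in the parent of the project dir\n",
    "module/../../escaped.txt": b"also escapes once the path is normalised\n",
}


def build_archive(entries=MALICIOUS_ENTRIES):
    """Return the bytes of a zip whose entry names are stored verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # writestr does not sanitise entry names
    return buf.getvalue()


def is_traversal(name):
    """True if a zip entry name could escape the extraction directory.

    Backslashes count as separators (Windows extractors treat them so),
    absolute paths and drive letters are rejected, and '..' components are
    tracked so that 'a/../b' passes but 'a/../../b' does not.
    """
    n = name.replace("\\", "/")
    if n.startswith("/") or (len(n) > 1 and n[1] == ":"):
        return True
    depth = 0
    for part in n.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def audit_archive(archive_bytes):
    """List entry names that would write outside the extraction directory."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [i.filename for i in zf.infolist() if is_traversal(i.filename)]


def unsafe_extract(archive_bytes, target_dir):
    """Vulnerable pattern (CWE-22): joins each entry name onto target_dir and
    writes wherever the result points. Kept only for comparison."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            dest = os.path.normpath(os.path.join(target_dir, info.filename))
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(dest))
    return written


def safe_extract(archive_bytes, target_dir):
    """Hardened extraction: reject traversal names, then re-check the resolved
    path against the real target directory before touching the filesystem."""
    base = os.path.realpath(target_dir)
    os.makedirs(base, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if is_traversal(info.filename):
                raise ValueError(f"refusing traversal entry {info.filename!r}")
            dest = os.path.realpath(os.path.join(base, info.filename))
            if os.path.commonpath([base, dest]) != base:
                raise ValueError(f"entry resolves outside target: {info.filename!r}")
            if info.is_dir():
                os.makedirs(dest, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(zf.read(info))
            written.append(dest)
    return written


def demo():
    """Run the scenarios in a throwaway directory and report what happened."""
    root = tempfile.mkdtemp(prefix="zipslip-demo-")
    archive = build_archive()
    project = os.path.join(root, "project")
    base = os.path.realpath(project)
    escaped = [p for p in unsafe_extract(archive, project)
               if os.path.commonpath([base, p]) != base]
    try:
        safe_extract(archive, os.path.join(root, "project_safe"))
        rejected = False
    except ValueError:
        rejected = True
    return {"flagged": audit_archive(archive),
            "escaped_files": sorted(os.path.basename(p) for p in escaped),
            "safe_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

`audit_archive` is the piece to run over a downloaded module before installing it: it reads only the central directory, so nothing is written. The hardened extractor checks twice on purpose: the name-level check rejects the obvious `../` and absolute forms, and the `realpath`/`commonpath` check catches anything that still resolves outside the target once the filesystem is consulted.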
## References
- **Siemens Security Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/pdf/ssa-627195[.]pdf
- **Mendix Release Notes:** hxxps[://]docs[.]mendix[.]com/releasenotes/studio-pro/