Kaleris NAVIS N4 ULC Java Deserialization RCE (CVE-2025-2566)
CVE-2025-2566 Published on June 24, 2025
Deserialization of Untrusted Data in Kaleris Navis N4
Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-2566 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
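As a defensive illustration of this weakness class (an added example, not code from Kaleris or from this advisory), the sketch below applies a class allowlist through Java's ObjectInputFilter (Java 9 or later), so that a stream naming any unexpected type is rejected before that object is instantiated. The Booking class, the limits and the sample values are constructed for the example.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Set;

public class FilteredDeserializationDemo {
    // Hypothetical message type the service expects to receive (constructed).
    static class Booking implements Serializable {
        private static final long serialVersionUID = 1L;
        final String containerId;
        Booking(String containerId) { this.containerId = containerId; }
    }

    // Allowlist: the only classes a peer may ask the service to instantiate.
    static final Set<Class<?>> ALLOWED = Set.of(Booking.class, String.class);

    static ObjectInputFilter.Status check(ObjectInputFilter.FilterInfo info) {
        if (info.depth() > 5 || info.references() > 100) {
            return ObjectInputFilter.Status.REJECTED;   // bound the object graph
        }
        Class<?> c = info.serialClass();
        if (c == null) {
            return ObjectInputFilter.Status.UNDECIDED;  // callback carries no class
        }
        return ALLOWED.contains(c) ? ObjectInputFilter.Status.ALLOWED
                                   : ObjectInputFilter.Status.REJECTED;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FilteredDeserializationDemo::check); // before readObject
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Booking b = (Booking) readFiltered(serialize(new Booking("CONT-0001")));
        System.out.println("accepted: " + b.containerId);
        HashMap<String, String> other = new HashMap<>();   // a type not on the allowlist
        other.put("k", "v");
        try {
            readFiltered(serialize(other));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```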
Affected Versions
Kaleris Navis N4: versions before 4.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.