ID:12519 - Exploit for Missing Authentication for Critical Function in Eclipse Che - CVE-2025-12548
Published: March 25, 2026
Eclipse Che
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because the Che machine-exec API is exposed by default on port 3333/TCP and does not require authentication. A remote unauthenticated attacker can obtain SSH private keys configured by other devspaces users and compromise the affected system.