Threat Advisory

Critical RCE Vulnerability Found in Wolfram Cloud Platform

Threat: Vulnerability
Threat Actor Name: -
Threat Actor Type: -
Targeted Region: Global
Alias: -
Threat Actor Region: -
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

A critical vulnerability identified as CVE-2025-11919 with a CVSS score of 9.8 has been discovered in Wolfram Cloud version 14.2, allowing attackers to perform privilege escalation, information exfiltration, and remote code execution in multi-tenant environments. The flaw arises from improper handling of temporary directories within the Java Virtual Machine, enabling a race condition that allows malicious code injection into the JVM's classpath during initialization. Successful exploitation grants attackers the ability to execute arbitrary code with another tenant's privileges, posing a severe risk in shared cloud infrastructures. The issue stems from how the hosting platform manages virtual access to temporary files, which could lead to total system compromise. Updating to the latest version resolves the issue through improved temporary directory management and enhanced JVM isolation.

RECOMMENDATION:

We strongly recommend that you update Wolfram Cloud to version 14.2.1.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cve-2025-11919-wolfram-cloud-vulnerability-exposes-users-to-privilege-escalation-and-remote-code-execution/
