MEDIUM
ORSEE
CVE published 2026-05-15
CVE-2025-67031
CVE-2025-67031 describes an authenticated remote code execution weakness in ORSEE 3.1.0. The issue is tied to participant profile field processing where certain configurations accept values beginning with the prefix "func:" and pass them into eval() within tagsets/participant.php and tagsets/options.php. The NVD record classifies the weakness as CWE-94 and assigns a CVSS v3.1 score of 6.3 (MEDIUM) with ne [truncated]