CRITICAL
Stellar Group
CVE published 2026-04-28
CVE-2025-60889
A critical vulnerability in StellarGroup HPX 1.11.0 and earlier allows insecure deserialization of untrusted input, potentially enabling remote code execution. The CVSS 3.1 score of 9.8 reflects network attackability with low complexity and no required privileges or user interaction. The vulnerability was published on April 28, 2026, and last modified on May 18, 2026. A third-party exploit advisory has be [truncated]