CVE-2010-20120

N/A Unknown

Published: August 21, 2025 Modified: April 15, 2026

Description

Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/maple_maplet.rb

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/16308

Source: disclosure@vulncheck.com

https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.HTTP:MISC:MAPLE-MAPLET-CMD-EXEC.html

Source: disclosure@vulncheck.com

https://www.maplesoft.com/products/maple/

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/maple-maplet-file-creation-command-execution

Source: disclosure@vulncheck.com

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/maple_maplet.rb

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.exploit-db.com/exploits/16308

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

7 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

6.4%

91th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-94

Related CVEs

CVE-2026-7724 5.0

CVE-2026-7723 7.3

CVE-2026-7722 5.3

CVE-2026-7721 6.3

CVE-2026-7720 6.3