Budibase Low-Code Platform Patches Critical Command Execution Flaw

/HIGH
SCW vulnerabilitycve
Budibase Low-Code Platform Patches Critical Command Execution Flaw

CVE Notify is flagging a serious vulnerability, CVE-2026-25044, affecting the popular open-source low-code platform, Budibase. According to their report, versions prior to 3.33.4 contained a flaw in the bash automation step. This step improperly executed user-provided commands via execSync without adequate sanitization or validation.

The core issue stemmed from how user input was handled by processStringSync, which allowed for template interpolation. This mechanism could have been abused to achieve arbitrary command execution on affected systems. The vulnerability has since been addressed by the Budibase team and patched in version 3.33.4.

What This Means For You

  • Organizations using Budibase should immediately verify their deployment version and upgrade to 3.33.4 or later to mitigate the risk of arbitrary command execution through the bash automation feature.

Related ATT&CK Techniques

T1059.004 Command and Scripting Interpreter: Unix Shell Execution T1204.002 Malicious File: User Execution Execution

๐Ÿ›ก๏ธ Detection Rules

1 rule ยท 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Free Sigma YAML below.

high T1059.004 Execution

Suspicious Shell Command Execution

Sigma YAML โ€” free preview

Source: Shimi's Cyber World ยท License & reuse

Indicators of Compromise

IDTypeIndicator
CVE-2026-25044 Command Injection Budibase, versions prior to 3.33.4, bash automation step, execSync, processStringSync, template interpolation, arbitrary command execution
CVE-2026-25044 Code Injection Budibase, versions prior to 3.33.4, bash automation step, execSync, processStringSync, template interpolation, arbitrary command execution

By Shimi's Cyber World Editorial

Related coverage

Featured

Daily Security Digest โ€” 2026-05-22

13 vulnerability disclosures (5 Critical, 8 High) and 14 curated intelligence stories from 6 sources.

daily-digestvulnerabilityCVEhigh-severitycwe-88privilege-escalationcwe-863criticalremote-code-executioncwe-434
/SCW Daily Digest /CRITICAL

WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Content

CVE-2026-9011 โ€” The Ditty โ€“ Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...

vulnerabilityCVEhigh-severitycwe-862
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 3 IOCs

CVE-2026-8692 โ€” The Vedrixa Forms โ€“ User Registration Form, Signup Form &

CVE-2026-8692 โ€” The Vedrixa Forms โ€“ User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass...

vulnerabilityCVEmedium-severitycwe-862
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma