Eclipse BIRT - RCE (CVE-2021-34427)

CVE-2021-34427 is a critical vulnerability in Eclipse BIRT versions 4.8.0 and earlier that allows remote attackers to inject malicious JSP code by manipulating query parameters. Exploiting this flaw could enable attackers to execute arbitrary code on the server, potentially leading to full system compromise and unauthorized access to sensitive data.

CrowdSec has been tracking this vulnerability and its exploits since 10th of December 2025.

According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2021-34427 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2021-34427 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2021-34427 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending crafted requests to the /document endpoint with malicious query parameters, resulting in the creation and execution of attacker-controlled JSP files within the application directory. Subsequent requests to the uploaded .jsp files are used to execute arbitrary code on the server.