The vulnerability CVE-2025-67995 affects LoftOcean PatioTime versions before 2.1 and is caused by deserialization of untrusted data, enabling object injection attacks. This type of vulnerability can allow an attacker to execute arbitrary code or manipulate application logic by injecting malicious objects during the deserialization process. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can result in full compromise of the affected PatioTime application, including unauthorized code execution, data manipulation, and denial of service. Given the critical CVSS score and the nature of the vulnerability, the impact is severe and could affect the entire system running the vulnerable version.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or workaround information is provided, users should monitor LoftOcean's advisories closely and consider applying defensive measures such as input validation or disabling deserialization features if possible until a fix is available.