CVE-2025-10239 | THREATINT

Description

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes.

PUBLISHED Reserved 2025-09-10 | Published 2025-10-09 | Updated 2025-10-10 | Assigner ProgressSoftware

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

affected

Versions prior to 12.5.5

affected

Credits

This vulnerability was discovered by Kentaro Kawane. finder

References

community.progress.com/s/article/CVE-2025-10239 vendor-advisory

cve.org (CVE-2025-10239)

nvd.nist.gov (CVE-2025-10239)

Download JSON