CVE-2025-28386 | THREATINT

Description

A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.

PUBLISHED Reserved 2025-03-11 | Published 2025-06-13 | Updated 2025-06-17 | Assigner mitre

References

visionspace.com/...ment-of-an-open-source-mission-framework/ exploit

openc3.com/

visionspace.com/...ment-of-an-open-source-mission-framework/

cve.org (CVE-2025-28386)

nvd.nist.gov (CVE-2025-28386)

Download JSON