Home

Description

An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates

PUBLISHED Reserved 2025-03-11 | Published 2025-06-26 | Updated 2025-06-26 | Assigner mitre

References

www.digilol.net/security-advisories/dlsec2025-001.html

github.com/MHSanaei/3x-ui/pull/2661

cve.org (CVE-2025-29331)

nvd.nist.gov (CVE-2025-29331)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.