CVE-2025-30056 | THREATINT

Description

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system.

PUBLISHED Reserved 2025-03-14 | Published 2025-08-27 | Updated 2025-08-27 | Assigner CERT-PL

CRITICAL: 9.4CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

Any version before 2024.MS4.33

affected

Credits

Maciej Kazulak finder

References

cert.pl/en/posts/2025/08/CVE-2025-2313/

cve.org (CVE-2025-30056)

nvd.nist.gov (CVE-2025-30056)

Download JSON