Description

An authenticated user can perform command injection by supplying unsanitized input to the NetFax Server’s ping functionality through the /test.php endpoint.

PUBLISHED Reserved 2025-05-15 | Published 2025-05-29 | Updated 2025-05-29 | Assigner rapid7




CRITICAL: 9.4 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unknown

Any version before 3.0.1.0: affected

Credits

Anna Quinn, Security Consultant at Rapid7 (finder)

References

www.rapid7.com/...-server-product-vulnerabilities-not-fixed/

cve.org (CVE-2025-48047)

nvd.nist.gov (CVE-2025-48047)
