Home

Description

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-27 | Updated 2025-08-29 | Assigner mitre

References

github.com/RaspAP/raspap-webgui/pull/1833

blog.smarttecs.com/posts/2025-004-cve-2025-50428/

cve.org (CVE-2025-50428)

nvd.nist.gov (CVE-2025-50428)

Download JSON