CVE-2025-24938
July 22, 2025, 1:06 p.m.
None
No Score
Description
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver.
The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| * |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | / | web_application | / | / | / | / | / | / | / | / |
Tags
Timeline
Published: July 21, 2025, 7:15 a.m.
Last Modified: July 22, 2025, 1:06 p.m.
Last Modified: July 22, 2025, 1:06 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
b48c3b8f-639e-4c16-8725-497bc411dad0
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.