CVE-2025-0914 LOW

CVE-2025-0914: Velociraptor Shell Plugin Prevent_execve Bypass

Vendor Rapid7
Product Velociraptor
Weakness CWE-281
Published February 27, 2025
Last update February 27, 2025

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.

Key dates

02Disclosure timeline

February 27, 2025 CVE published
February 27, 2025 Record updated