CVE-2025-1244 HIGH

CVE-2025-1244: Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-78
Published February 12, 2025
Last update February 25, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Key dates

02Disclosure timeline

February 12, 2025 CVE published
February 25, 2026 Record updated