CVE-2025-25038 CRITICAL

CVE-2025-25038: MiniDVBLinux Root Command Injection

Vendor Minidvblinux
Product MiniDVBLinux
Weakness CWE-78
Published June 20, 2025
Last update May 14, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.

Key dates

02Disclosure timeline

June 20, 2025 CVE published
May 14, 2026 Record updated