CVE-2025-5306 HIGH

CVE-2025-5306: Command Injection in Netflow path

Vendor Pandora Fms
Product Pandora FMS
Weakness CWE-77
Published June 27, 2025
Last update June 27, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:U/V:D/RE:M/U:Green

What the vulnerability does

01Description

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778

Key dates

02Disclosure timeline

June 27, 2025 CVE published
June 27, 2025 Record updated