What the vulnerability does
01Description
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS base score
6.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
November 17, 2025
CVE published
November 17, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
CVE-2026-23759 Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
CVE-2024-49564
CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI
