CVE-2025-62713 HIGH

CVE-2025-62713: Kottster app reinitialization can be re-triggered allowing command injection in development mode

Vendor Kottster

Product kottster

Weakness CWE-284

Published October 23, 2025

Last update October 23, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01Description

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.

Key dates

02Disclosure timeline

October 23, 2025 CVE published

October 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62713

Related vulnerabilities

CVE-2025-62713: Kottster app reinitialization can be re-triggered allowing command injection in development mode

01Description

02Disclosure timeline

03References

04Related CVE