CVE-2025-7404 MEDIUM

CVE-2025-7404: Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C

Vendor Calibre Web

Product Calibre Web

Weakness CWE-78

Published July 24, 2025

Last update July 25, 2025

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

Key dates

02Disclosure timeline

July 24, 2025 CVE published

July 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7404 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2025-7404

CWE CWE-78

CVSS 5.9 / MEDIUM

Affected versions

Vendor Calibre Web

Product Calibre Web

Affected 0.6.24

Vendor Autocaliweb

Product Autocaliweb

Affected ≥ 0.7.0 and < 0.7.1

CVE-2025-7404: Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C

01Description

02Disclosure timeline

03References

04Related CVE