CVE-2025-30055

The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2025/08/CVE-2025-2313/

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-27 11:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-30055

Mitre link : CVE-2025-30055

CVE.ORG link : CVE-2025-30055

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-30055", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.0, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-27T11:15:36.720", "references": [{"url": "https://cert.pl/en/posts/2025/08/CVE-2025-2313/", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The \"system\" function receives untrusted input from the user. If the \"EnableJSCaching\" option is enabled, it is possible to execute arbitrary code provided as the \"Module\" parameter."}, {"lang": "es", "value": "La funci\u00f3n \"system\" recibe informaci\u00f3n no confiable del usuario. Si la opci\u00f3n \"EnableJSCaching\" est\u00e1 habilitada, es posible ejecutar c\u00f3digo arbitrario proporcionado como par\u00e1metro \"Module\"."}], "lastModified": "2025-08-29T16:24:09.860", "sourceIdentifier": "cvd@cert.pl"}

CVE-2025-30055

JSON object

Attach tags to CVE-2025-30055

Attach tags to `CVE-2025-30055`