Common Weakness Enumeration

CWE-77

Allowed-with-Review

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

5381 vulnerabilities reference this CWE, most recent first.

CVE-2025-8829 (GCVE-0-2025-8829)

Vulnerability from cvelistv5 – Published: 2025-08-11 04:02 – Updated: 2025-08-12 14:08
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjq123 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8829",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T14:08:00.735048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T14:08:05.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Dabei geht es um die Funktion um_red der Datei /goform/RP_setBasicAuto. Dank der Manipulation des Arguments hname mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T04:02:05.689Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319363 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319363"
        },
        {
          "name": "VDB-319363 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319363"
        },
        {
          "name": "Submit #626694 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626694"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:11:53.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8829",
    "datePublished": "2025-08-11T04:02:05.689Z",
    "dateReserved": "2025-08-10T07:54:04.103Z",
    "dateUpdated": "2025-08-12T14:08:05.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8828 (GCVE-0-2025-8828)

Vulnerability from cvelistv5 – Published: 2025-08-11 03:32 – Updated: 2025-08-12 14:09
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjq123 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8828",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T14:09:26.315772Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T14:09:29.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es geht dabei um die Funktion ipv6cmd der Datei /goform/setIpv6. Durch Beeinflussen des Arguments Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T03:32:05.882Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319362 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319362"
        },
        {
          "name": "VDB-319362 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319362"
        },
        {
          "name": "Submit #626693 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626693"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:11:52.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8828",
    "datePublished": "2025-08-11T03:32:05.882Z",
    "dateReserved": "2025-08-10T07:54:01.680Z",
    "dateUpdated": "2025-08-12T14:09:29.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8827 (GCVE-0-2025-8827)

Vulnerability from cvelistv5 – Published: 2025-08-11 03:02 – Updated: 2025-08-12 14:21
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjq123 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8827",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T14:21:11.472745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T14:21:14.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es geht hierbei um die Funktion um_inspect_cross_band der Datei /goform/RP_setBasicAuto. Durch das Beeinflussen des Arguments staticGateway mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T03:02:06.170Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319361 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319361"
        },
        {
          "name": "VDB-319361 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319361"
        },
        {
          "name": "Submit #626692 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626692"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:11:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8827",
    "datePublished": "2025-08-11T03:02:06.170Z",
    "dateReserved": "2025-08-10T07:53:59.145Z",
    "dateUpdated": "2025-08-12T14:21:14.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8825 (GCVE-0-2025-8825)

Vulnerability from cvelistv5 – Published: 2025-08-11 02:02 – Updated: 2025-08-12 14:35
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjq123 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8825",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T14:34:58.428558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T14:35:01.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Betroffen hiervon ist die Funktion RP_setBasicAuto der Datei /goform/RP_setBasicAuto. Durch das Manipulieren des Arguments staticIp/staticNetmask mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T02:02:06.384Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319359 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319359"
        },
        {
          "name": "VDB-319359 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319359"
        },
        {
          "name": "Submit #626690 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626690"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:11:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8825",
    "datePublished": "2025-08-11T02:02:06.384Z",
    "dateReserved": "2025-08-10T07:53:53.892Z",
    "dateUpdated": "2025-08-12T14:35:01.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8823 (GCVE-0-2025-8823)

Vulnerability from cvelistv5 – Published: 2025-08-11 01:05 – Updated: 2025-08-12 15:08
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjqwudi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8823",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T15:08:08.222328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T15:08:13.288Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjqwudi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Betroffen ist die Funktion setDeviceName der Datei /goform/setDeviceName. Mittels dem Manipulieren des Arguments DeviceName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T01:05:04.129Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319357 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319357"
        },
        {
          "name": "VDB-319357 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319357"
        },
        {
          "name": "Submit #626687 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626687"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:11:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8823",
    "datePublished": "2025-08-11T01:05:04.129Z",
    "dateReserved": "2025-08-10T07:53:48.447Z",
    "dateUpdated": "2025-08-12T15:08:13.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8821 (GCVE-0-2025-8821)

Vulnerability from cvelistv5 – Published: 2025-08-11 00:02 – Updated: 2025-08-12 14:12
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjqwudi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8821",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T14:12:12.271260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T14:12:17.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjqwudi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Davon betroffen ist die Funktion RP_setBasic der Datei /goform/RP_setBasic. Durch die Manipulation des Arguments bssid mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T00:02:06.241Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319355 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319355"
        },
        {
          "name": "VDB-319355 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319355"
        },
        {
          "name": "Submit #626685 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626685"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:11:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8821",
    "datePublished": "2025-08-11T00:02:06.241Z",
    "dateReserved": "2025-08-10T07:53:42.812Z",
    "dateUpdated": "2025-08-12T14:12:17.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8818 (GCVE-0-2025-8818)

Vulnerability from cvelistv5 – Published: 2025-08-10 22:32 – Updated: 2025-08-12 15:18
VLAI
Title
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
pjqwudi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8818",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T15:18:20.811126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T15:18:23.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "20250801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjqwudi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Dies betrifft die Funktion setDFSSetting der Datei /goform/setLan. Dank der Manipulation des Arguments lanNetmask/lanIp mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-10T22:32:07.499Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319352 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319352"
        },
        {
          "name": "VDB-319352 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319352"
        },
        {
          "name": "Submit #626682 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626682"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-10T10:08:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8818",
    "datePublished": "2025-08-10T22:32:07.499Z",
    "dateReserved": "2025-08-10T07:53:34.647Z",
    "dateUpdated": "2025-08-12T15:18:23.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8752 (GCVE-0-2025-8752)

Vulnerability from cvelistv5 – Published: 2025-08-09 12:02 – Updated: 2025-08-11 16:31
VLAI
Title
wangzhixuan spring-shiro-training add command injection
Summary
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.319246 vdb-entry
https://vuldb.com/?ctiid.319246 signaturepermissions-required
https://vuldb.com/?submit.623679 third-party-advisory
https://gitee.com/wangzhixuan/spring-shiro-traini… exploitissue-tracking
Impacted products
Vendor Product Version
wangzhixuan spring-shiro-training Affected: 94812c1fd8f7fe796c931f4984ff1aa0671ab562
Create a notification for this product.
Credits
fushuling (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8752",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-11T16:28:13.182739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-11T16:31:41.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitee.com/wangzhixuan/spring-shiro-training/issues/ICP2ME"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "spring-shiro-training",
          "vendor": "wangzhixuan",
          "versions": [
            {
              "status": "affected",
              "version": "94812c1fd8f7fe796c931f4984ff1aa0671ab562"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fushuling (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
        },
        {
          "lang": "de",
          "value": "In wangzhixuan spring-shiro-training bis 94812c1fd8f7fe796c931f4984ff1aa0671ab562 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /role/add. Durch Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-09T12:02:10.294Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319246 | wangzhixuan spring-shiro-training add command injection",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.319246"
        },
        {
          "name": "VDB-319246 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319246"
        },
        {
          "name": "Submit #623679 | wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.623679"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://gitee.com/wangzhixuan/spring-shiro-training/issues/ICP2ME"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-08T13:50:15.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "wangzhixuan spring-shiro-training add command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8752",
    "datePublished": "2025-08-09T12:02:10.294Z",
    "dateReserved": "2025-08-08T11:45:12.411Z",
    "dateUpdated": "2025-08-11T16:31:41.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8697 (GCVE-0-2025-8697)

Vulnerability from cvelistv5 – Published: 2025-08-07 19:02 – Updated: 2025-08-07 19:23
VLAI
Title
agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection
Summary
A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a agentUniverse Affected: 0.0.1
Affected: 0.0.2
Affected: 0.0.3
Affected: 0.0.4
Affected: 0.0.5
Affected: 0.0.6
Affected: 0.0.7
Affected: 0.0.8
Affected: 0.0.9
Affected: 0.0.10
Affected: 0.0.11
Affected: 0.0.12
Affected: 0.0.13
Affected: 0.0.14
Affected: 0.0.15
Affected: 0.0.16
Affected: 0.0.17
Affected: 0.0.18
Credits
bayuncao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8697",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T19:22:51.110036Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-07T19:23:03.703Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "MCPSessionManager/MCPTool/MCPToolkit"
          ],
          "product": "agentUniverse",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.0.1"
            },
            {
              "status": "affected",
              "version": "0.0.2"
            },
            {
              "status": "affected",
              "version": "0.0.3"
            },
            {
              "status": "affected",
              "version": "0.0.4"
            },
            {
              "status": "affected",
              "version": "0.0.5"
            },
            {
              "status": "affected",
              "version": "0.0.6"
            },
            {
              "status": "affected",
              "version": "0.0.7"
            },
            {
              "status": "affected",
              "version": "0.0.8"
            },
            {
              "status": "affected",
              "version": "0.0.9"
            },
            {
              "status": "affected",
              "version": "0.0.10"
            },
            {
              "status": "affected",
              "version": "0.0.11"
            },
            {
              "status": "affected",
              "version": "0.0.12"
            },
            {
              "status": "affected",
              "version": "0.0.13"
            },
            {
              "status": "affected",
              "version": "0.0.14"
            },
            {
              "status": "affected",
              "version": "0.0.15"
            },
            {
              "status": "affected",
              "version": "0.0.16"
            },
            {
              "status": "affected",
              "version": "0.0.17"
            },
            {
              "status": "affected",
              "version": "0.0.18"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "bayuncao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in agentUniverse bis 0.0.18 gefunden. Dies betrifft die Funktion StdioServerParameters der Komponente MCPSessionManager/MCPTool/MCPToolkit. Mittels Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T19:02:05.494Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319127 | agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319127"
        },
        {
          "name": "VDB-319127 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319127"
        },
        {
          "name": "Submit #621376 | agentuniverse-ai agentUniverse v0.0.18 OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.621376"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/bayuncao-bit/vul-37"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/bayuncao-bit/vul-37#proof-of-concept"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-07T12:51:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8697",
    "datePublished": "2025-08-07T19:02:05.494Z",
    "dateReserved": "2025-08-07T10:46:45.886Z",
    "dateUpdated": "2025-08-07T19:23:03.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8667 (GCVE-0-2025-8667)

Vulnerability from cvelistv5 – Published: 2025-08-06 18:02 – Updated: 2025-08-06 20:27
VLAI
Title
SkyworkAI DeepResearchAgent tools.py from_mcp os command injection
Summary
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.319026 vdb-entrytechnical-description
https://vuldb.com/?ctiid.319026 signaturepermissions-required
https://vuldb.com/?submit.621324 third-party-advisory
https://github.com/bayuncao-bit/vul-36 broken-link
https://github.com/bayuncao-bit/vul-36#proof-of-concept broken-linkexploit
Impacted products
Vendor Product Version
SkyworkAI DeepResearchAgent Affected: 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2
Create a notification for this product.
Credits
bayuncao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8667",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-06T20:27:48.585738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-06T20:27:56.519Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DeepResearchAgent",
          "vendor": "SkyworkAI",
          "versions": [
            {
              "status": "affected",
              "version": "08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "bayuncao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in SkyworkAI DeepResearchAgent bis 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion from_code/from_dict/from_mcp der Datei src/tools/tools.py. Durch Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-06T18:02:05.465Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319026 | SkyworkAI DeepResearchAgent tools.py from_mcp os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319026"
        },
        {
          "name": "VDB-319026 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319026"
        },
        {
          "name": "Submit #621324 | SkyworkAI DeepResearchAgent main OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.621324"
        },
        {
          "tags": [
            "broken-link"
          ],
          "url": "https://github.com/bayuncao-bit/vul-36"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/bayuncao-bit/vul-36#proof-of-concept"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-06T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-06T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-06T12:38:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SkyworkAI DeepResearchAgent tools.py from_mcp os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8667",
    "datePublished": "2025-08-06T18:02:05.465Z",
    "dateReserved": "2025-08-06T09:01:40.112Z",
    "dateUpdated": "2025-08-06T20:27:56.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

If at all possible, use library calls rather than external processes to recreate the desired functionality.

Mitigation
Implementation

If possible, ensure that all external commands called from the program are statically created.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Operation

Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.

Mitigation
System Configuration

Assign permissions that prevent the user from accessing/opening privileged files.

CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-183: IMAP/SMTP Command Injection

An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

CAPEC-248: Command Injection

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

CAPEC-40: Manipulating Writeable Terminal Devices

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.