CVE-2025-6775 (GCVE-0-2025-6775)
Vulnerability from cvelistv5 – Published: 2025-06-27 20:00 – Updated: 2025-06-27 20:15
VLAI?
Title
xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
Summary
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xiaoyunjie | openvpn-cms-flask |
Affected:
1.2.0
Affected: 1.2.1 Affected: 1.2.2 Affected: 1.2.3 Affected: 1.2.4 Affected: 1.2.5 Affected: 1.2.6 Affected: 1.2.7 Unaffected: 1.2.8 |
Credits
Tritium (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T20:14:59.549344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T20:15:17.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"User Creation Endpoint"
],
"product": "openvpn-cms-flask",
"vendor": "xiaoyunjie",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "1.2.3"
},
{
"status": "affected",
"version": "1.2.4"
},
{
"status": "affected",
"version": "1.2.5"
},
{
"status": "affected",
"version": "1.2.6"
},
{
"status": "affected",
"version": "1.2.7"
},
{
"status": "unaffected",
"version": "1.2.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tritium (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in xiaoyunjie openvpn-cms-flask bis 1.2.7 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion create_user der Datei /app/api/v1/openvpn.py der Komponente User Creation Endpoint. Durch Manipulieren des Arguments Username mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e23559b98c8ea2957f09978c29f4e512ba789eb6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T20:00:20.538Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314091 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314091"
},
{
"name": "VDB-314091 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314091"
},
{
"name": "Submit #602373 | xiaoyunjie openvpn-cms-flask 1.2.7 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.602373"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464"
},
{
"tags": [
"patch"
],
"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-27T13:08:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6775",
"datePublished": "2025-06-27T20:00:20.538Z",
"dateReserved": "2025-06-27T11:02:52.852Z",
"dateUpdated": "2025-06-27T20:15:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-6775\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-06-27T20:15:35.750\",\"lastModified\":\"2025-06-30T18:38:23.493\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad cr\u00edtica en xiaoyunjie openvpn-cms-flask hasta la versi\u00f3n 1.2.7. Esta vulnerabilidad afecta a la funci\u00f3n create_user del archivo /app/api/v1/openvpn.py del componente User Creation Endpoint. La manipulaci\u00f3n del argumento \\\"Username\\\" provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.2.8 puede solucionar este problema. El parche se llama e23559b98c8ea2957f09978c29f4e512ba789eb6. Se recomienda actualizar el componente afectado.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"},{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"references\":[{\"url\":\"https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.314091\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.314091\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.602373\",\"source\":\"cna@vuldb.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6775\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-27T20:14:59.549344Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-27T20:15:09.876Z\"}}], \"cna\": {\"title\": \"xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Tritium (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 6.5, \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"xiaoyunjie\", \"modules\": [\"User Creation Endpoint\"], \"product\": \"openvpn-cms-flask\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.0\"}, {\"status\": \"affected\", \"version\": \"1.2.1\"}, {\"status\": \"affected\", \"version\": \"1.2.2\"}, {\"status\": \"affected\", \"version\": \"1.2.3\"}, {\"status\": \"affected\", \"version\": \"1.2.4\"}, {\"status\": \"affected\", \"version\": \"1.2.5\"}, {\"status\": \"affected\", \"version\": \"1.2.6\"}, {\"status\": \"affected\", \"version\": \"1.2.7\"}, {\"status\": \"unaffected\", \"version\": \"1.2.8\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-27T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-06-27T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-06-27T13:08:06.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.314091\", \"name\": \"VDB-314091 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.314091\", \"name\": \"VDB-314091 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.602373\", \"name\": \"Submit #602373 | xiaoyunjie openvpn-cms-flask 1.2.7 Command Injection\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24\", \"tags\": [\"exploit\", \"issue-tracking\"]}, {\"url\": \"https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine Schwachstelle in xiaoyunjie openvpn-cms-flask bis 1.2.7 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion create_user der Datei /app/api/v1/openvpn.py der Komponente User Creation Endpoint. Durch Manipulieren des Arguments Username mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\\u00f6sen. Der Patch wird als e23559b98c8ea2957f09978c29f4e512ba789eb6 bezeichnet. Als bestm\\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"Command Injection\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"Injection\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-06-27T20:00:20.538Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-6775\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-27T20:15:17.511Z\", \"dateReserved\": \"2025-06-27T11:02:52.852Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-06-27T20:00:20.538Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…