Injection Vulnerabilities: Attackers can inject malicious... · CVE-2025-3115 · GitHub Advisory Database · GitHub

Injection Vulnerabilities: Attackers can inject malicious...

Critical severity Unreviewed Published Apr 9, 2025 to the GitHub Advisory Database • Updated Apr 22, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.
Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

References

Published by the National Vulnerability Database

Apr 9, 2025

Published to the GitHub Advisory Database Apr 9, 2025

Last updated Apr 22, 2025

Severity

Critical

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required Low

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality High

Integrity High

Availability High

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X