CVE-2025-27146

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4.

Related Vulnerabilities

CVE-2021-22868

MEDIUM
CVSS:4.3(Medium)

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...

CWE-772021

CVE-2023-26430

MEDIUM
CVSS:4.3(Medium)

Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject...

CWE-772023

CVE-2019-1607

MEDIUM
CVSS:4.2(Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerabilit...

CWE-772019

CVE-2019-1608

MEDIUM
CVSS:4.2(Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerabilit...

CWE-772019

CVE-2019-1609

MEDIUM
CVSS:4.2(Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerabilit...

CWE-772019

CVE-2019-1610

MEDIUM
CVSS:4.2(Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerabilit...

CWE-772019