CVE-2025-27398

LOW Year: 2025
CVSS v3 Score
2.7
Low
Weakness Type
CWE-78
View all →

Vulnerability Description

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.

Related Vulnerabilities

CVE-2024-47821

LOW
CVSS:2.3(Low)

pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executa...

CWE-782024

CVE-2021-32556

LOW
CVSS:3.3(Low)

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

CWE-782021

CVE-2019-3595

LOW
CVSS:2.0(Low)

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to exec...

CWE-782019

CVE-2022-0841

LOW
CVSS:3.8(Low)

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

CWE-782022

CVE-2024-12970

LOW
CVSS:3.9(Low)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus O...

CWE-782024

CVE-2024-31843

MEDIUM
CVSS:4.1(Medium)

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users...

CWE-782024