216.73.217.64

CVE-2025-0422

· Published 18/02/2025 08:15 · Modified 18/02/2025 08:15

Labels: CVE-2025-0422 2025-02-18CVE-2025-0422CWE-20[email protected]

Essential information

Published
18/02/2025 08:15
Modified
18/02/2025 08:15
Author
Creator
CISA KEV
No
CWE

Description

An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. (Remote Code Execution) For this, the user must be able to create "ScriptVars" with the type „script" and preview them by, for example, creating a new "Info". By default, admin users have those permissions, but with the granular permission system, those permissions may be assigned to other users. An attacker is able to execute commands on the server running the "bestinformed Web" application if an account with the correct permissions was compromised before.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References