← voltar
CVE-2025-60938

CVE-2025-60938

CVSS 7.5 HIGHEPSS 0.6%CWE-20
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baud_rate, core, and autoreset within the /admin/upload-custom-firmware endpoint.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a