The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://cert.pl/en/posts/2025/08/CVE-2025-2313/ |
Configurations
No configuration.
History
27 Aug 2025, 11:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-27 11:15
Updated : 2025-08-27 11:15
NVD link : CVE-2025-30055
Mitre link : CVE-2025-30055
CVE.ORG link : CVE-2025-30055
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')