In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://cert.pl/en/posts/2025/08/CVE-2025-2313/ |
Configurations
No configuration.
History
27 Aug 2025, 11:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-27 11:15
Updated : 2025-08-27 11:15
NVD link : CVE-2025-30057
Mitre link : CVE-2025-30057
CVE.ORG link : CVE-2025-30057
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')