CVE-2025-5306

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778

CVSS

No CVSS.

References

Link	Resource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Configurations

No configuration.

History

30 Jun 2025, 18:38

Type	Values Removed	Values Added
Summary		(es) La neutralización incorrecta de elementos especiales en el campo de directorio Netflow puede permitir la inyección de comandos del sistema operativo. Este problema afecta a Pandora FMS 774 a 778.

27 Jun 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-27 08:15

Updated : 2025-06-30 18:38

NVD link : CVE-2025-5306

Mitre link : CVE-2025-5306

CVE.ORG link : CVE-2025-5306

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2025-5306", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@pandorafms.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 7.0, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-27T08:15:22.277", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@pandorafms.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778"}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de elementos especiales en el campo de directorio Netflow puede permitir la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a Pandora FMS 774 a 778."}], "lastModified": "2025-06-30T18:38:48.477", "sourceIdentifier": "security@pandorafms.com"}

CVE-2025-5306

JSON object

Attach tags to CVE-2025-5306

Attach tags to `CVE-2025-5306`