An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates
References
Link | Resource |
---|---|
https://github.com/MHSanaei/3x-ui/pull/2661 | Exploit Issue Tracking Patch |
https://www.digilol.net/security-advisories/dlsec2025-001.html | Third Party Advisory |
Configurations
History
10 Jul 2025, 14:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mhsanaei:3x-ui:*:*:*:*:*:*:*:* | |
First Time |
Mhsanaei 3x-ui
Mhsanaei |
|
Summary |
|
|
References | () https://github.com/MHSanaei/3x-ui/pull/2661 - Exploit, Issue Tracking, Patch | |
References | () https://www.digilol.net/security-advisories/dlsec2025-001.html - Third Party Advisory |
26 Jun 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-295 |
26 Jun 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-26 15:15
Updated : 2025-07-10 14:49
NVD link : CVE-2025-29331
Mitre link : CVE-2025-29331
CVE.ORG link : CVE-2025-29331
JSON object : View
Products Affected
mhsanaei
- 3x-ui
CWE
CWE-295
Improper Certificate Validation