CVE-2025-29331

An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:mhsanaei:3x-ui:*:*:*:*:*:*:*:*

History

10 Jul 2025, 14:49

Type Values Removed Values Added
CPE cpe:2.3:a:mhsanaei:3x-ui:*:*:*:*:*:*:*:*
First Time Mhsanaei 3x-ui
Mhsanaei
Summary
  • (es) Un problema en MHSanaei 3x-ui anterior a v.2.5.3 y anteriores permite que un atacante remoto ejecute código arbitrario a través del script de administración x-ui pasa la opción de no verificar certificado a wget al descargar actualizaciones
References () https://github.com/MHSanaei/3x-ui/pull/2661 - () https://github.com/MHSanaei/3x-ui/pull/2661 - Exploit, Issue Tracking, Patch
References () https://www.digilol.net/security-advisories/dlsec2025-001.html - () https://www.digilol.net/security-advisories/dlsec2025-001.html - Third Party Advisory

26 Jun 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-295

26 Jun 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-26 15:15

Updated : 2025-07-10 14:49


NVD link : CVE-2025-29331

Mitre link : CVE-2025-29331

CVE.ORG link : CVE-2025-29331


JSON object : View

Products Affected

mhsanaei

  • 3x-ui
CWE
CWE-295

Improper Certificate Validation