CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2025/08/CVE-2025-2313/

Configurations

No configuration.

History

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) En UHCRTFDoc, el parámetro de nombre de archivo se puede aprovechar para ejecutar código arbitrario a través de la inyección de comando en la llamada system() en la función ConvertToPDF.

27 Aug 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 11:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-30057

Mitre link : CVE-2025-30057

CVE.ORG link : CVE-2025-30057

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-30057", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-27T11:15:37.980", "references": [{"url": "https://cert.pl/en/posts/2025/08/CVE-2025-2313/", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function."}, {"lang": "es", "value": "En UHCRTFDoc, el par\u00e1metro de nombre de archivo se puede aprovechar para ejecutar c\u00f3digo arbitrario a trav\u00e9s de la inyecci\u00f3n de comando en la llamada system() en la funci\u00f3n ConvertToPDF."}], "lastModified": "2025-08-29T16:24:09.860", "sourceIdentifier": "cvd@cert.pl"}

CVE-2025-30057

JSON object

Attach tags to CVE-2025-30057

Attach tags to `CVE-2025-30057`