CVE-2025-4653

Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105.

CVSS

No CVSS.

References

Link	Resource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) La neutralización incorrecta de elementos especiales en el campo de nombre de la copia de seguridad puede permitir la inyección de comandos del sistema operativo. Este problema afecta a Pandora ITSM 5.0.105.

10 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 16:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-4653

Mitre link : CVE-2025-4653

CVE.ORG link : CVE-2025-4653

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2025-4653", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@pandorafms.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 7.0, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-10T16:15:42.607", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@pandorafms.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105."}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de elementos especiales en el campo de nombre de la copia de seguridad puede permitir la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a Pandora ITSM 5.0.105."}], "lastModified": "2025-06-12T16:06:39.330", "sourceIdentifier": "security@pandorafms.com"}

CVE-2025-4653

JSON object

Attach tags to CVE-2025-4653

Attach tags to `CVE-2025-4653`