CVE-2025-48047

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.

CVSS

No CVSS.

References

Link	Resource
https://www.rapid7.com/blog/post/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/

Configurations

No configuration.

History

29 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-29 13:15

Updated : 2025-05-29 14:29

NVD link : CVE-2025-48047

Mitre link : CVE-2025-48047

CVE.ORG link : CVE-2025-48047

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')