CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.znuny.com	Product
https://www.znuny.org/en/advisories/zsa-2025-03	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::-:::*

History

16 May 2025, 15:39

Type	Values Removed	Values Added
CPE		cpe:2.3:a:znuny:znuny:::::lts:::* cpe:2.3:a:znuny:znuny:::::-:::*
References	~~() https://www.znuny.com -~~	() https://www.znuny.com - Product
References	~~() https://www.znuny.org/en/advisories/zsa-2025-03 -~~	() https://www.znuny.org/en/advisories/zsa-2025-03 - Vendor Advisory
CWE		CWE-94
First Time		Znuny Znuny znuny

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema de inyección de evaluación en Znuny hasta la versión 7.1.3. Un usuario con acceso de escritura al archivo de configuración puede usarlo para ejecutar un comando ejecutado por el usuario que ejecuta el script backup.pl.

08 May 2025, 19:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-95

08 May 2025, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-08 17:16

Updated : 2025-05-16 15:39

NVD link : CVE-2025-26845

Mitre link : CVE-2025-26845

CVE.ORG link : CVE-2025-26845

JSON object : View

Products Affected

znuny

znuny

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

{"id": "CVE-2025-26845", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-05-08T17:16:01.523", "references": [{"url": "https://www.znuny.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.znuny.org/en/advisories/zsa-2025-03", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-95"}]}], "descriptions": [{"lang": "en", "value": "An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script."}, {"lang": "es", "value": "Se detect\u00f3 un problema de inyecci\u00f3n de evaluaci\u00f3n en Znuny hasta la versi\u00f3n 7.1.3. Un usuario con acceso de escritura al archivo de configuraci\u00f3n puede usarlo para ejecutar un comando ejecutado por el usuario que ejecuta el script backup.pl."}], "lastModified": "2025-05-16T15:39:14.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C85307-00AF-4C04-A3AC-FF4E89DA8DD8", "versionEndIncluding": "6.0.48", "versionStartIncluding": "6.0.31"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "81E060E6-A261-4BCE-9595-1F02922BDC8C", "versionEndIncluding": "6.5.11", "versionStartIncluding": "6.5.1"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E5DD8BCD-31FA-46F0-A65B-2DC570F840D3", "versionEndIncluding": "7.1.3", "versionStartIncluding": "7.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}