ГлавнаяУязвимости → CVE-2025-27590
9критическая

CVE-2025-27590

Описание

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

Затрагиваемое ПО
Oxidized web project Oxidized web
CVSS
Балл9 — критическая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668ehttps://github.com/ytti/oxidized-web/releases/tag/0.15.0