CVE-2025-49809 | mtr up to 0.95 Environment Variable MTR_PACKET inclusion of functionality from untrusted control sphere (Issue 35085)

Inserito da Angelo Barbosa | Lug 4, 2025 | CVE

A vulnerability was found in mtr up to 0.95. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Environment Variable Handler. The manipulation of the argument MTR_PACKET leads to inclusion of functionality from untrusted control sphere.

This vulnerability is known as CVE-2025-49809. Local access is required to approach this attack. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-49809 | mtr up to 0.95 Environment Variable MTR_PACKET inclusion of functionality from untrusted control sphere (Issue 35085)

Post correlati

CVE-2024-42255 | Linux Kernel up to 6.10.0 tpm_buf_check_hmac_response null pointer dereference (b9afbb9a0c73/7dc357d343f1)

CVE-2024-0669 | Plone CMS 6.0.5 URL cross site scripting

CVE-2023-42010 | IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2 HTTP Response unknown vulnerability (XFDB-265507)

CVE-2024-36485 | Zoho ManageEngine ADAudit Plus up to 8121 Technician Reports Option sql injection