A vulnerability was found in mtr up to 0.95. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Environment Variable Handler. The manipulation of the argument MTR_PACKET leads to inclusion of functionality from untrusted control sphere.

This vulnerability is known as CVE-2025-49809. Local access is required to approach this attack. There is no exploit available.

It is recommended to apply a patch to fix this issue.