CVE-2025-49809 | mtr up to 0.95 Environment Variable MTR_PACKET inclusion of functionality from untrusted control sphere (Issue 35085)

Inserito da Angelo Barbosa | Lug 4, 2025 | CVE

A vulnerability was found in mtr up to 0.95. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Environment Variable Handler. The manipulation of the argument MTR_PACKET leads to inclusion of functionality from untrusted control sphere.

This vulnerability is known as CVE-2025-49809. Local access is required to approach this attack. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-49809 | mtr up to 0.95 Environment Variable MTR_PACKET inclusion of functionality from untrusted control sphere (Issue 35085)

Post correlati

CVE-2025-45867 | TOTOLINK A3002R 4.0.0-B20230531.1404 formIpv6Setup static_dns1 buffer overflow

CVE-2024-40988 | Linux Kernel up to 6.9.6 kv_dpm.c memory corruption

CVE-2024-45761 | Dell OpenManage Server Administrator up to 11.0.1.0 input validation (dsa-2024-481)

CVE-2024-10795 | Popularis Extra Plugin up to 1.2.7 on WordPress Post information disclosure