CVE-2025-6775 | xiaoyunjie openvpn-cms-flask up to 1.2.7 User Creation Endpoint /app/api/v1/openvpn.py create_user Username command injection (Issue 24)

Inserito da Angelo Barbosa | Giu 27, 2025 | CVE

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection.

This vulnerability is uniquely identified as CVE-2025-6775. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-6775 | xiaoyunjie openvpn-cms-flask up to 1.2.7 User Creation Endpoint /app/api/v1/openvpn.py create_user Username command injection (Issue 24)

Post correlati

CVE-2024-29318 | Volmarg Personal Management System 1.4.64 SVG File cross site scripting

CVE-2024-51962 | ESRI ArcGIS Server 10.9.1/11.1/11.2/11.3 Edit Operation sql injection

CVE-2024-47816 | miraheze ImportDump improper ownership management (5c91dfc)

CVE-2024-46817 | Linux Kernel up to 6.10.8 AMD Display amdgpu_dm initialization