CVE-2025-1845 | ESAFENET DSM 3.1.2 examExportPDF s command injection

Posted by Angelo Barbosa | Mar 2, 2025 | CVE

A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection.

This vulnerability is known as CVE-2025-1845. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1845 | ESAFENET DSM 3.1.2 examExportPDF s command injection

Related Posts

CVE-2024-8347 | SourceCodester Computer Laboratory Management System 1.0 Master.php delete_record id sql injection

CVE-2024-29185 | freescout-helpdesk freescout up to 1.8.127 /public/tools.php shell_exec php_path os command injection (GHSA-7p9x-ch4c-vqj9)

CVE-2025-22584 | pluginspoint Timeline Pro Plugin up to 1.3 on WordPress cross site scripting

CVE-2024-10659 | ESAFENET CDG 5 CDGAuthoriseTempletService.java delSystemEncryptPolicy id sql injection