Lucene search
K

CVE-2025-67738

🗓️ 11 Dec 2025 06:34:10Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 29 Views🌐 WEB

CVE-2025-67738: Webmin prior to 2.600 allows unquoted cachemgr.cgi arguments in Squid Cache Manager.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the Webmin control panel in hosting systems arises from the lack of measures taken to neutralize special elements used in the operating system’s command line. This allows attackers to execute arbitrary commands.
22 Apr 202600:00
bdu_fstec
Circl
CVE-2025-67738
11 Dec 202507:48
circl
CNNVD
Webmin 操作系统命令注入漏洞
11 Dec 202500:00
cnnvd
Cvelist
CVE-2025-67738
11 Dec 202506:34
cvelist
EUVD
EUVD-2025-202665
11 Dec 202506:34
euvd
NVD
CVE-2025-67738
11 Dec 202507:16
nvd
OSV
CVE-2025-67738
11 Dec 202507:16
osv
Positive Technologies
PT-2025-50582
11 Dec 202500:00
ptsecurity
RedhatCVE
CVE-2025-67738
12 Dec 202507:16
redhatcve
Redos
ROS-20260401-73-0038
1 Apr 202600:00
redos
Rows per page
Vulners
CNA
Node
webminwebminRange02.600
[
  {
    "defaultStatus": "unaffected",
    "product": "Webmin",
    "vendor": "Webmin",
    "versions": [
      {
        "lessThan": "2.600",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
cmsquery paramsquid/cachemgr.cgiUnquoted arguments in squid/cachemgr.cgi can lead to remote command execution when an authenticated user with cms permission accesses Cache Manager features.CWE-78
Cache Manager permissionsquery paramsquid/cachemgr.cgiUnquoted arguments in squid/cachemgr.cgi can lead to remote command execution when an authenticated user with cms permission accesses Cache Manager features.CWE-78
argumentsquery paramsquid/cachemgr.cgiUnquoted arguments in squid/cachemgr.cgi can lead to remote command execution when an authenticated user with cms permission accesses Cache Manager features.CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:58Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.18.5
EPSS0.00306
SSVC
29