Linux Distros Unpatched Vulnerability : CVE-2025-64756

🗓️ 04 Dec 2025 00:00:00Reported by TenableType

Linux glob CLI -c option allows command injection on unpatched versions; patch in 10.5.0 and 11.1.0.

Reporter	Title	Published	Views	Family All 102
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition	30 Jan 202609:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition	16 Feb 202609:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Processing is vulnerable to command injection vulnerability (CVE-2025-64756)	11 Feb 202611:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)	22 Dec 202511:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues	17 Feb 202612:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software	14 Jan 202612:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition	7 Apr 202607:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Endpoint Management is vulnerable to command injection vulnerability (CVE-2025-64756)	10 Feb 202606:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge	22 Jan 202605:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions	31 Mar 202612:18	–	ibm

Source	Link
access	www.access.redhat.com/security/cve/cve-2025-64756
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(277379);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/10");

  script_cve_id("CVE-2025-64756");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-64756");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0
    and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows
    arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns>
    are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in
    filenames to trigger command injection and achieve arbitrary code execution under the user or CI account
    privileges. This issue has been patched in versions 10.5.0 and 11.1.0. (CVE-2025-64756)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2025-64756");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-64756");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-nodemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-packaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs-packaging-bundler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs22");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs24-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs24-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs24-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nodejs24-npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:v8-12.4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:v8-13.6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging-bundler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs22");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs24-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs24-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs24-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs24-npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:v8-12.4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:v8-13.6-devel");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/CentOS Linux-8", "Host/OS/Red Hat Enterprise Linux-10", "Host/OS/Red Hat Enterprise Linux-8", "Host/OS/Red Hat Enterprise Linux-9");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Red Hat Enterprise Linux-10": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "10",
        "pkgs": [
          {"reference": "nodejs"},
          {"reference": "nodejs-devel"},
          {"reference": "nodejs-docs"},
          {"reference": "nodejs-full-i18n"},
          {"reference": "nodejs-libs"},
          {"reference": "nodejs-npm"},
          {"reference": "nodejs22"},
          {"reference": "nodejs24"},
          {"reference": "nodejs24-devel"},
          {"reference": "nodejs24-docs"},
          {"reference": "nodejs24-full-i18n"},
          {"reference": "nodejs24-libs"},
          {"reference": "nodejs24-npm"}
        ]
      }
    ]
  },
  "CentOS Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "nodejs"},
          {"reference": "nodejs-devel"},
          {"reference": "nodejs-docs"},
          {"reference": "nodejs-full-i18n"},
          {"reference": "nodejs-libs"},
          {"reference": "nodejs-nodemon"},
          {"reference": "nodejs-packaging"},
          {"reference": "nodejs-packaging-bundler"},
          {"reference": "npm"},
          {"reference": "v8-12.4-devel"},
          {"reference": "v8-13.6-devel"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "nodejs"},
          {"reference": "nodejs-devel"},
          {"reference": "nodejs-docs"},
          {"reference": "nodejs-full-i18n"},
          {"reference": "nodejs-libs"},
          {"reference": "nodejs-nodemon"},
          {"reference": "nodejs-packaging"},
          {"reference": "nodejs-packaging-bundler"},
          {"reference": "npm"},
          {"reference": "v8-12.4-devel"},
          {"reference": "v8-13.6-devel"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-9": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "9",
        "pkgs": [
          {"reference": "nodejs"},
          {"reference": "nodejs-docs"},
          {"reference": "nodejs-full-i18n"},
          {"reference": "nodejs-libs"},
          {"reference": "npm"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

10 Feb 2026 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5

EPSS0.00025

SSVC