CVE-2025-25038CRITICAL 9.8EPSS p91.6%

CVE-2025-25038CVE-2025-25038

Description

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS5.32% probability of exploitation · percentile 91.6% · 2026-06-18T12:00:27Z
Published2025-06-20
Last modified2025-12-22

Underlying weaknesses· 1

CWE-78

References

  1. https://cxsecurity.com/issue/WLB-2022100039
  2. https://packetstormsecurity.com/files/168744/
  3. https://vulncheck.com/advisories/minidvblinux-command-injection
  4. https://www.exploit-db.com/exploits/51096
  5. https://www.fortiguard.com/encyclopedia/ips/52454
  6. https://www.minidvblinux.de
  7. https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5717.php

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-34029
CVE
CVE-2025-34035
CVE
CVE-2025-34036
CVE
CVE-2025-10265
CVE
CVE-2025-37162
CVE
CVE-2025-0593
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.