CVE-2024-25255

critical

Description

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior.

References

https://www.sublimetext.com/docs/build_systems.html#shell_cmd.

https://www.sublimetext.com/docs/build_systems.html#exec-target-options

https://forum.sublimetext.com/t/cve-2024-25255-critical/74906/3

https://exploitart.ist/exploit/2023/09/17/sublime-text-os-command-injection.html

Details

Source: Mitre, NVD

Published: 2024-11-11

Updated: 2024-12-24

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01132

Detections

Analytics