A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
https://access.redhat.com/errata/RHSA-2025:2754
https://access.redhat.com/errata/RHSA-2025:2195
https://access.redhat.com/errata/RHSA-2025:2157
https://access.redhat.com/errata/RHSA-2025:2130
https://access.redhat.com/errata/RHSA-2025:2022
https://access.redhat.com/errata/RHSA-2025:1964
https://access.redhat.com/errata/RHSA-2025:1963
https://access.redhat.com/errata/RHSA-2025:1962
https://access.redhat.com/errata/RHSA-2025:1961
https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
https://bugzilla.redhat.com/show_bug.cgi?id=2345150