CVE-2025-27590

critical

Description

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

References

https://github.com/ytti/oxidized-web/releases/tag/0.15.0

https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e

Details

Source: Mitre, NVD

Published: 2025-03-03

Updated: 2025-03-03

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.13396

Detections

Analytics