CVE-2025-54314

low

Description

Thor before 1.4.0 can construct an unsafe shell command from library input.

References

https://hackerone.com/reports/3260153

https://github.com/rails/thor/releases/tag/v1.4.0

https://github.com/rails/thor/pull/897

https://github.com/rails/thor/commit/536b79036a0efb765c1899233412e7b1ca94abfa

Details

Source: Mitre, NVD

Published: 2025-07-20

Updated: 2025-07-22

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 2.8

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Severity: Low

EPSS

EPSS: 0.00018