Vulnerability-Lookup

CVE-2025-62713 (GCVE-0-2025-62713)

Vulnerability from cvelistv5 – Published: 2025-10-23 16:15 – Updated: 2025-10-23 16:40

Title

Kottster app reinitialization can be re-triggered allowing command injection in development mode

Summary

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.

Severity

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/kottster/kottster/security/adv…	x_refsource_CONFIRM
https://github.com/kottster/kottster/commit/0a7d2…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
kottster	kottster	Affected: >= 3.2.0, < 3.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-23T16:40:41.498146Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-23T16:40:52.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kottster",
          "vendor": "kottster",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T16:15:14.696Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p"
        },
        {
          "name": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89"
        }
      ],
      "source": {
        "advisory": "GHSA-j3w7-9qc3-g96p",
        "discovery": "UNKNOWN"
      },
      "title": "Kottster app reinitialization can be re-triggered allowing command injection in development mode"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62713",
    "datePublished": "2025-10-23T16:15:14.696Z",
    "dateReserved": "2025-10-20T19:41:22.740Z",
    "dateUpdated": "2025-10-23T16:40:52.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-62713",
      "date": "2026-06-18",
      "epss": "0.00684",
      "percentile": "0.47713"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-62713\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-23T17:15:40.290\",\"lastModified\":\"2025-10-27T13:20:15.637\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62713\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-23T16:40:41.498146Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-23T16:40:47.525Z\"}}], \"cna\": {\"title\": \"Kottster app reinitialization can be re-triggered allowing command injection in development mode\", \"source\": {\"advisory\": \"GHSA-j3w7-9qc3-g96p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"kottster\", \"product\": \"kottster\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.2.0, \u003c 3.3.2\"}]}], \"references\": [{\"url\": \"https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p\", \"name\": \"https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89\", \"name\": \"https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-23T16:15:14.696Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-62713\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-23T16:40:52.174Z\", \"dateReserved\": \"2025-10-20T19:41:22.740Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-23T16:15:14.696Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-62713

Vulnerability from fkie_nvd - Published: 2025-10-23 17:15 - Updated: 2026-06-17 09:52

Severity

7.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89
	security-advisories@github.com	https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "kottster",
          "vendor": "kottster",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.3.2"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2."
    }
  ],
  "id": "CVE-2025-62713",
  "lastModified": "2026-06-17T09:52:18.877",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-62713",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-10-23T16:40:41.498146Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2025-10-23T17:15:40.290",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-J3W7-9QC3-G96P

Vulnerability from github – Published: 2025-10-23 16:01 – Updated: 2025-10-23 20:37

Summary

Kottster app reinitialization can be re-triggered allowing command injection in development mode

Details

Impact

Development mode only. Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode.

The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attackers to create a new root admin account and obtain a JWT token 2. The installPackagesForDataSource action uses unescaped command arguments, enabling command injection

An attacker with access to a locally running development instance can chain these vulnerabilities to: - Reinitialize the application and receive a JWT token for a new root account - Use this token to authenticate - Execute arbitrary system commands through installPackagesForDataSource

Production deployments were never affected.

Patches

Fixed in v3.3.2.

Specifically, @kottster/server v3.3.2 and @kottster/cli v3.3.2 address this vulnerability.

We recommend developers using earlier versions of @kottster/server and @kottster/cli update all the core packages to latest release:

npm install @kottster/common@latest @kottster/cli@latest @kottster/server@latest @kottster/react@latest

Workarounds

Do not expose development servers to public networks or untrusted users
Use production mode for any deployment accessible from outside trusted environments

Credit

We sincerely thank Jeongwon Jo (@P0cas) from RedAlert for discovering and responsibly disclosing this vulnerability.

Severity

7.2 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@kottster/server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-23T16:01:35Z",
    "nvd_published_at": "2025-10-23T17:15:40Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\n**Development mode only**. Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode.\n\nThe vulnerability combines two issues:\n1. The `initApp` action can be called repeatedly without checking if the app is already initialized, allowing attackers to create a new root admin account and obtain a JWT token\n2. The `installPackagesForDataSource` action uses unescaped command arguments, enabling command injection\n\nAn attacker with access to a locally running development instance can chain these vulnerabilities to:\n- Reinitialize the application and receive a JWT token for a new root account\n- Use this token to authenticate\n- Execute arbitrary system commands through `installPackagesForDataSource`\n\n**Production deployments were never affected.**\n\n### Patches\n\nFixed in [v3.3.2](https://github.com/kottster/kottster/releases/tag/v3.3.2).\n\nSpecifically, `@kottster/server` [v3.3.2](https://www.npmjs.com/package/@kottster/server/v/3.3.2) and `@kottster/cli` [v3.3.2](https://www.npmjs.com/package/@kottster/cli/v/3.3.2) address this vulnerability.\n\nWe recommend developers using earlier versions of `@kottster/server` and `@kottster/cli` update all the core packages to latest release:\n\n```\nnpm install @kottster/common@latest @kottster/cli@latest @kottster/server@latest @kottster/react@latest\n```\n\n### Workarounds\n\n- Do not expose development servers to public networks or untrusted users\n- Use production mode for any deployment accessible from outside trusted environments\n\n### Credit\n\nWe sincerely thank Jeongwon Jo ([@P0cas](https://github.com/P0cas)) from **RedAlert** for discovering and responsibly disclosing this vulnerability.",
  "id": "GHSA-j3w7-9qc3-g96p",
  "modified": "2025-10-23T20:37:07Z",
  "published": "2025-10-23T16:01:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kottster/kottster"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Kottster app reinitialization can be re-triggered allowing command injection in development mode"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-62713 (GCVE-0-2025-62713)

FKIE_CVE-2025-62713

GHSA-J3W7-9QC3-G96P

Impact

Patches

Workarounds

Credit

Tags

Sightings

Nomenclature