CVE-2025-55322

Опубликовано: 24 сент. 2025

Источник: msrc

CVSS3: 7.3

EPSS Низкий

Описание

OmniParser Remote Code Execution Vulnerability

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?

While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.

Обновления

Продукт	Статья	Обновление
OmniParser	Release Notes Release Notes	Source Code (zip)Source Code (tar.gz)

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 27%

0.00093

Низкий

7.3 High

CVSS3

Связанные уязвимости

CVE-2025-55322

CVSS3: 7.3

nvd

около 1 месяца назад

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.

GHSA-fhfp-x6gx-hfqm

CVSS3: 7.3

github

около 1 месяца назад

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.

BDU:2025-12396

CVSS3: 7.3

fstec

около 1 месяца назад

Уязвимость инструмента для работы со структурированными данными OmniParser, связанная с привязкой к открытым IP-адресам, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 27%

0.00093

Низкий

7.3 High

CVSS3