exploitDog

CVE-2025-27146

Опубликовано: 25 фев. 2025

Источник: nvd

CVSS3: 2.7

CVSS3: 4.3

EPSS Низкий

Описание

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*

Версия до 3.0.4 (исключая)

EPSS

Процентиль: 58%

0.00361

Низкий

2.7 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-5mvm-89c9-9gm5

CVSS3: 2.7

github

12 месяцев назад

Matrix IRC Bridge allows IRC command injection to own puppeted user

EPSS

Процентиль: 58%

0.00361

Низкий

2.7 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-77

CWE-77