Description
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
Report
To exploit this flaw, an attacker needs to trick a user into visiting a specially crafted website, an HTTP URL with a redirect or, more generally, a custom man URI scheme. Exploitation requires user action, which limits the likelihood of this issue being exploited.
Mitigation
There is no existing or known mitigation for this issue that does not disable part of the Emacs core functionality. However, avoiding opening or viewing untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of this attack succeeding.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | emacs | Affected | | |
Red Hat Enterprise Linux 6 | emacs | Out of support scope | | |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | emacs | Fixed | RHSA-2025:2130 | 03.03.2025 |
Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2025:1917 | 27.02.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | emacs | Fixed | RHSA-2025:2157 | 03.03.2025 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | emacs | Fixed | RHSA-2025:1963 | 03.03.2025 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | emacs | Fixed | RHSA-2025:1963 | 03.03.2025 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | emacs | Fixed | RHSA-2025:1963 | 03.03.2025 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | emacs | Fixed | RHSA-2025:1961 | 03.03.2025 |
Additional information
CVSS3: 8.8 High