CVE-2025-54314

Опубликовано: 20 июл. 2025

Источник: redhat

CVSS3: 2.8

EPSS Низкий

Описание

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."

A flaw was found in Thor, where it improperly constructs shell commands using data derived from libraries. This flaw allows a local attacker to execute arbitrary commands. Command execution occurs when processing specially crafted library input.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat 3scale API Management Platform 2	3scale-amp2/zync-rhel8	Fix deferred
Red Hat 3scale API Management Platform 2	3scale-amp2/zync-rhel9	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-78

https://bugzilla.redhat.com/show_bug.cgi?id=2382101thor: Thor Command Injection Vulnerability

EPSS

Процентиль: 4%

0.00018

Низкий

2.8 Low

CVSS3

Связанные уязвимости

CVE-2025-54314

CVSS3: 2.8

ubuntu

7 месяцев назад

CVE-2025-54314

CVSS3: 2.8

nvd

7 месяцев назад

CVE-2025-54314

CVSS3: 2.8

msrc

5 месяцев назад

CVE-2025-54314

CVSS3: 2.8

debian

7 месяцев назад

Thor before 1.4.0 can construct an unsafe shell command from library i ...

GHSA-mqcp-p2hv-vw6x

CVSS3: 7.8

github

7 месяцев назад

Withdrawn Advisory: Thor can construct an unsafe shell command from library input.

EPSS

Процентиль: 4%

0.00018

Низкий

2.8 Low

CVSS3