CVE-2025-25038
- CVSS v3: 9.8 (CRITICAL)
- EPSS Score: 29.2% (exploit probability)
- CISA KEV: No (known exploited)
- Exploitation: — (SSVC status)
Description
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
Technical Details
- CVSS v3 Vector: 3.1
- Published: 6/20/2025
- Last Modified: 12/22/2025
Frequently Asked Questions
Is CVE-2025-25038 actively exploited?
Active exploitation of CVE-2025-25038 has not been confirmed. The EPSS score is 29.2%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-25038?
CVE-2025-25038 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.