Command Injection Vulnerability in reNgine Framework by Yogesh Ojha
CVE-2025-24962

8.7HIGH

Key Information:

Vendor: Yogeshojha
Status: Rengine
Vendor: CVE Published:; 3 February 2025

What is CVE-2025-24962?

The reNgine framework, utilized for automated reconnaissance of web applications, contains a vulnerability allowing attackers to inject commands via the nmap_cmd parameters in affected versions. This flaw could enable malicious users to execute arbitrary commands, compromising system integrity. Developers and users are recommended to implement input filtering and keep abreast of updates to mitigate this risk, particularly with the upcoming release addressing the issue.

Affected Version(s)

rengine <= 2.2.0

References

https://github.com/yogeshojha/rengine/security/advisories...

x_refsource_CONFIRM

https://github.com/yogeshojha/rengine/commit/c28e5c8d3044...

x_refsource_MISC

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 29, 2025

Yogeshojha

What is CVE-2025-24962?

Affected Version(s)

References

CVSS V4

Timeline