Command Injection Vulnerability in Binance Trading Bot
CVE-2025-27106

7.7 HIGH

Key Information:

Vendor: Chrisleekr

CVE Published: 21 February 2025

What is CVE-2025-27106?

The binance-trading-bot is susceptible to a command injection vulnerability that can lead to remote code execution on the host system. The issue lies in the /restore endpoint, where the name of an uploaded file is handled without sufficient sanitization, allowing authorized users to execute arbitrary code. The vulnerability has been addressed in version 0.0.100, and users are strongly encouraged to upgrade immediately to mitigate the risk. No known workarounds are available.
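
The bug class described above and two mitigations for it, as an added example that is not code from binance-trading-bot. The script name `restore.sh`, the staging directory and every function name are assumptions, and the hostile file name is constructed for the check.

```javascript
// Added example. All names are hypothetical; this is not binance-trading-bot code.
const { execFileSync } = require('node:child_process');
const { randomUUID } = require('node:crypto');
const path = require('node:path');

const UPLOAD_DIR = '/tmp/restore-uploads'; // assumed staging directory

// Vulnerable pattern, built as a string only and never executed here: the
// client-supplied name ends up inside text that a shell would parse, so any
// shell metacharacter in the name becomes shell syntax.
function unsafeCommandLine(clientName) {
  return `sh restore.sh ${path.join(UPLOAD_DIR, clientName)}`;
}

// Mitigation 1: reject names outside a strict allow-list, and store the upload
// under a server-generated name so the client's string never forms a path.
function storedPathFor(clientName) {
  if (!/^[A-Za-z0-9._-]{1,100}$/.test(clientName)) {
    throw new Error('rejected upload name');
  }
  return path.join(UPLOAD_DIR, `${randomUUID()}.upload`);
}

// Mitigation 2: start the program directly with an argument array. No shell
// parses the values, so each one reaches the child as a single literal.
function runWithoutShell(program, args) {
  return execFileSync(program, args, { shell: false, encoding: 'utf8' });
}

// Check: a child Node process reports the arguments it actually received.
function argvSeenByChild(value) {
  const script = 'console.log(JSON.stringify(process.argv.slice(1)))';
  return JSON.parse(runWithoutShell(process.execPath, ['-e', script, value]));
}

// Constructed hostile upload name, for testing the defences only.
const HOSTILE_NAME = 'backup.zip; echo INJECTED';

function demo() {
  let rejected = false;
  try { storedPathFor(HOSTILE_NAME); } catch (e) { rejected = true; }
  return {
    shellWouldSee: unsafeCommandLine(HOSTILE_NAME),
    rejected,
    childArgv: argvSeenByChild(HOSTILE_NAME),
  };
}

console.log(demo());
```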

Affected Version(s)

binance-trading-bot < 0.0.100

CVSS V4

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
