Command Injection Vulnerability in Web-Check OSINT Tool by Lissy93
CVE-2025-32778

9.3CRITICAL

Key Information:

Vendor

Lissy93

Status
Vendor
CVE Published:
15 April 2025

What is CVE-2025-32778?

The Web-Check OSINT tool has a command injection vulnerability within its screenshot API, which occurs due to unsanitized user input being used in a shell command via exec(). This security flaw allows attackers to provide malicious URL parameters, leading to the execution of arbitrary commands on the system where the tool is hosted. Exploitation of this vulnerability could allow unauthorized file access and remote system manipulation. The issue has been addressed in later versions by substituting exec() with execFile(), enhancing the input handling and command execution process.

Affected Version(s)

web-check < 2.0.1

References

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.