Command Injection Vulnerability in Web-Check OSINT Tool by Lissy93
CVE-2025-32778
9.3CRITICAL
What is CVE-2025-32778?
The Web-Check OSINT tool has a command injection vulnerability within its screenshot API, which occurs due to unsanitized user input being used in a shell command via exec(). This security flaw allows attackers to provide malicious URL parameters, leading to the execution of arbitrary commands on the system where the tool is hosted. Exploitation of this vulnerability could allow unauthorized file access and remote system manipulation. The issue has been addressed in later versions by substituting exec() with execFile(), enhancing the input handling and command execution process.
Affected Version(s)
web-check < 2.0.1
References
EPSS Score
19% chance of being exploited in the next 30 days.
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
