OS Command Injection Vulnerability in LemonLDAP::NG Affects Safe Jail Functionality
CVE-2025-59518

8HIGH

Key Information:

Vendor: Lemonldap-ng
Status: Lemonldap::ng
Vendor: CVE Published:; 17 September 2025

🔔 Create Lemonldap-ng Vulnerability Alert

What is CVE-2025-59518?

An OS command injection vulnerability exists in LemonLDAP::NG versions prior to 2.16.7 and from 2.17 to 2.21 before 2.21.3. This issue arises due to a flaw in the Safe jail mechanism, which does not properly localize the underscore character during rule evaluation. As a result, a malicious administrator who can modify rules evaluated by the Safe jail may execute arbitrary commands on the server, potentially compromising sensitive data and system integrity.

Affected Version(s)

LemonLDAP::NG 0 < 2.16.7

LemonLDAP::NG 2.17.0 < 2.21.3

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Sep 17, 2025