Weak Argument Quoting in Webmin Cache Manager
CVE-2025-67738

8.5HIGH

Key Information:

Vendor: Webmin
Status: Webmin
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-67738?

An improper quoting issue in the Cache Manager feature of the Webmin Squid module allows authenticated users with specific permissions to manipulate arguments. This vulnerability could allow an attacker to execute unauthorized commands by exploiting the failure to correctly handle input arguments. Proper safeguards should be reinforced to mitigate potential risks associated with privilege escalation or unauthorized access.

Affected Version(s)

Webmin 0 < 2.600

References

https://github.com/webmin/webmin/commit/1a52bf4d72f9da6d7...

https://github.com/webmin/webmin/compare/2.520...2.600

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Dec 11, 2025

JSON