Arbitrary Code Execution Vulnerability in OpenSourcePOS by OpenSourcePOS
CVE-2025-70093

7.4HIGH

Key Information:

Vendor: OpenSourcePOS
Status: OpenSourcePOS
Vendor: CVE Published:; 13 February 2026

🔔 Create OpenSourcePOS Vulnerability Alert

What is CVE-2025-70093?

In OpenSourcePOS version 3.4.1, a flaw exists that enables attackers to execute arbitrary code through a maliciously crafted AJAX response. This vulnerability poses a significant risk as it allows for unauthorized actions that could compromise the integrity and security of the application. Users of this version should investigate and apply necessary mitigations to protect their systems.

References

https://www.opensourcepos.org

https://github.com/opensourcepos/opensourcepos/pull/4357

https://github.com/hungnqdz/cve-research/blob/main/CVE-20...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70093 Data

JSON