OS Command Injection Vulnerability in Comodo Internet Security Premium
CVE-2025-7097
What is CVE-2025-7097?
An OS command injection vulnerability has been identified in Comodo Internet Security Premium version 12.3.4.8162. This security flaw stems from improper handling of the 'cis_update_x64.xml' file within the application's Manifest File Handler component. An attacker exploiting this vulnerability may manipulate the binary/params arguments, enabling remote execution of arbitrary commands on the victim's system. While the complexity of carrying out this attack is relatively high, the potential risks underscore the necessity for users to apply patches promptly. Affected users should remain vigilant and adhere to security updates from Comodo Security Solutions.
Affected Version(s)
Internet Security Premium 12.3.4.8162
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved