OS Command Injection Vulnerability in Comodo Internet Security Premium
CVE-2025-7097

9.2CRITICAL

Key Information:

Vendor

Comodo

Status
Internet Security Premium
Vendor
CVE Published:
6 July 2025

Badges

👾 Exploit Exists

What is CVE-2025-7097?

An OS command injection vulnerability has been identified in Comodo Internet Security Premium version 12.3.4.8162. This security flaw stems from improper handling of the 'cis_update_x64.xml' file within the application's Manifest File Handler component. An attacker exploiting this vulnerability may manipulate the binary/params arguments, enabling remote execution of arbitrary commands on the victim's system. While the complexity of carrying out this attack is relatively high, the potential risks underscore the necessity for users to apply patches promptly. Affected users should remain vigilant and adhere to security updates from Comodo Security Solutions.

Affected Version(s)

Internet Security Premium 12.3.4.8162

References

https://vuldb.com/?id.315011
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315011
signaturepermissions-required
https://vuldb.com/?submit.603714
third-party-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

FPT IS Security (VulDB User)
.
CVE-2025-7097 : OS Command Injection Vulnerability in Comodo Internet Security Premium