Symfony Process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
                
History
Thu, 04 Sep 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Microsoft Microsoft windows Sensiolabs Sensiolabs symfony | |
| CPEs | cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | |
| Vendors & Products | Microsoft Microsoft windows Sensiolabs Sensiolabs symfony | |
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss | epss |
Fri, 22 Nov 2024 00:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Symfony Symfony symfony | |
| CPEs | cpe:2.3:a:symfony:symfony:*:*:*:*:*:*:*:* | |
| Vendors & Products | Symfony Symfony symfony | |
| Metrics | ssvc | |
Wed, 06 Nov 2024 21:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Symfony Process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
| Title | Command execution hijack on Windows with Process class in symfony/process | |
| Weaknesses | CWE-77 | |
| References |  | |
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-06T20:51:38.536Z
Updated: 2024-11-21T23:23:26.713Z
Reserved: 2024-10-31T14:12:45.788Z
Link: CVE-2024-51736
Vulnrichment
Updated: 2024-11-21T23:23:19.458Z
NVD
Status: Analyzed
Published: 2024-11-06T21:15:06.600
Modified: 2025-09-04T16:08:00.420
Link: CVE-2024-51736
Redhat
No data.