{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6775", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-27T11:02:52.852Z", "datePublished": "2025-06-27T20:00:20.538Z", "dateUpdated": "2025-06-27T20:15:17.511Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-27T20:00:20.538Z"}, "title": "xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "xiaoyunjie", "product": "openvpn-cms-flask", "versions": [{"version": "1.2.0", "status": "affected"}, {"version": "1.2.1", "status": "affected"}, {"version": "1.2.2", "status": "affected"}, {"version": "1.2.3", "status": "affected"}, {"version": "1.2.4", "status": "affected"}, {"version": "1.2.5", "status": "affected"}, {"version": "1.2.6", "status": "affected"}, {"version": "1.2.7", "status": "affected"}, {"version": "1.2.8", "status": "unaffected"}], "modules": ["User Creation Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in xiaoyunjie openvpn-cms-flask bis 1.2.7 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion create_user der Datei /app/api/v1/openvpn.py der Komponente User Creation Endpoint. Durch Manipulieren des Arguments Username mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e23559b98c8ea2957f09978c29f4e512ba789eb6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-06-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-27T13:08:06.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Tritium (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.314091", "name": "VDB-314091 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314091", "name": "VDB-314091 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.602373", "name": "Submit #602373 | xiaoyunjie openvpn-cms-flask 1.2.7 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464", "tags": ["issue-tracking"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6", "tags": ["patch"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-27T20:14:59.549344Z", "id": "CVE-2025-6775", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T20:15:17.511Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6775", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-27T20:14:59.549344Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T20:15:09.876Z"}}], "cna": {"title": "xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection", "credits": [{"lang": "en", "type": "reporter", "value": "Tritium (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "xiaoyunjie", "modules": ["User Creation Endpoint"], "product": "openvpn-cms-flask", "versions": [{"status": "affected", "version": "1.2.0"}, {"status": "affected", "version": "1.2.1"}, {"status": "affected", "version": "1.2.2"}, {"status": "affected", "version": "1.2.3"}, {"status": "affected", "version": "1.2.4"}, {"status": "affected", "version": "1.2.5"}, {"status": "affected", "version": "1.2.6"}, {"status": "affected", "version": "1.2.7"}, {"status": "unaffected", "version": "1.2.8"}]}], "timeline": [{"lang": "en", "time": "2025-06-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-27T13:08:06.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.314091", "name": "VDB-314091 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314091", "name": "VDB-314091 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.602373", "name": "Submit #602373 | xiaoyunjie openvpn-cms-flask 1.2.7 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464", "tags": ["issue-tracking"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6", "tags": ["patch"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in xiaoyunjie openvpn-cms-flask bis 1.2.7 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion create_user der Datei /app/api/v1/openvpn.py der Komponente User Creation Endpoint. Durch Manipulieren des Arguments Username mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e23559b98c8ea2957f09978c29f4e512ba789eb6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-27T20:00:20.538Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6775", "state": "PUBLISHED", "dateUpdated": "2025-06-27T20:15:17.511Z", "dateReserved": "2025-06-27T11:02:52.852Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-27T20:00:20.538Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xiaoyunjie:openvpn-cms-flask:*:*:*:*:*:*:*:*", "matchCriteriaId": "F806EABF-F59C-4121-ABC8-01CE68B82C38", "versionEndExcluding": "1.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad cr\u00edtica en xiaoyunjie openvpn-cms-flask hasta la versi\u00f3n 1.2.7. Esta vulnerabilidad afecta a la funci\u00f3n create_user del archivo /app/api/v1/openvpn.py del componente User Creation Endpoint. La manipulaci\u00f3n del argumento \"Username\" provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.2.8 puede solucionar este problema. El parche se llama e23559b98c8ea2957f09978c29f4e512ba789eb6. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-6775", "lastModified": "2026-01-30T00:38:57.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-27T20:15:35.750", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-2948563464"}, {"source": "cna@vuldb.com", "tags": ["Release Notes"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.314091"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.314091"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.602373"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}