Vulnerabilities

CVE-2025-69212 - OpenSTAManager has an OS Command Injection in P7M File Processing

2026-02-06 0 views admin

CVE ID : CVE-2025-69212 Published : Feb. 6, 2026, 6:12 p.m. | 30 minutes ago Description : OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-69212

Severity

CRITICAL

Published

Feb. 6, 2026

Impact: Command Injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-69212critical

CVE-2025-69212 - OpenSTAManager has an OS Command Injection in P7M File Processing

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-69214 - OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

CVE-2025-70963 - Gophish Insecure API Key Exposure

CVE-2025-64175 - Gogs Vulnerable to 2FA Bypass via Recovery Code

CVE-2026-23633 - Gogs has arbitrary file read/write via path traversal in Git hook editing

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting