CVE-2025-55037_CVE-2025-55037

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.

Basic Information

ID CVE-2025-55037

Source jpcert

Published Sep 5, 2025 at 05:24

Affected Product

Vendor kujirahand

Product TkEasyGUI

Version versions prior to v1.0.22

Affected Versions kujirahand TkEasyGUI versions prior to v1.0.22

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.",
    "published": "2025-09-05T05:24:41.118Z",
    "modified": "2025-09-05T05:24:41.118Z",
    "type": "cve",
    "title": "CVE-2025-55037",
    "source": "jpcert",
    "references": "https://github.com/kujirahand/tkeasygui-python/releases/tag/v1.0.22\nhttps://jvn.jp/en/jp/JVN48739895/",
    "id": "CVE-2025-55037",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "kujirahand TkEasyGUI versions prior to v1.0.22",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TkEasyGUI",
    "version": "versions prior to v1.0.22",
    "vendor": "kujirahand",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}