CVE 8.5 HIGH

CVE-2025-67738_CVE-2025-67738

December 11, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option).

AI Analysis

Command injection vulnerability in Webmin's Squid module

Basic Information

ID CVE-2025-67738

Source mitre

Published Dec 11, 2025 at 06:34

Modified Dec 11, 2025 at 07:01

Affected Product

Vendor Webmin

Product Webmin

Version before 2.600

Affected Versions Webmin Webmin 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Webmin

Product Webmin

Version before 2.600

References

{
    "lastseen": "",
    "description": "squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the \"cms\" security option).",
    "published": "2025-12-11T06:34:10.060Z",
    "modified": "2025-12-11T07:01:26.334Z",
    "type": "cve",
    "title": "CVE-2025-67738",
    "source": "mitre",
    "references": "https://github.com/webmin/webmin/commit/1a52bf4d72f9da6d79250c66e51f41c6f5b880ee\nhttps://github.com/webmin/webmin/compare/2.520...2.600",
    "id": "CVE-2025-67738",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Webmin Webmin 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Webmin",
    "version": "before 2.600",
    "vendor": "Webmin",
    "ai_description": "Command injection vulnerability in Webmin's Squid module",
    "ai_severity": "High",
    "ai_vendor": "Webmin",
    "ai_product": "Webmin",
    "ai_version": "before 2.600",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply