CVE Details
Basic Information
| Title | Jrohy trojan linux.go LogChan os command injection |
|---|---|
| Type | cve |
| Published | 2025-06-03T20:00:10.318Z |
| Last Seen |
Product Information
| Vendor | Jrohy |
|---|---|
| Product | trojan |
| Version | 2.15.0 |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in Jrohy Trojan’s LogChan function allows remote command injection, affecting versions up to 2.15.3. This issue can be exploited remotely without authentication, leading to potential system compromise. |
|---|---|
| AI Severity | High |
| Vendor | Jrohy |
| Product | Jrohy Trojan |
| Affected Version | 2.15.0, 2.15.1, 2.15.2, 2.15.3 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-78, CWE-77 |
| Bulletin Family | |
| Source Data | Jrohy trojan 2.15.0 Jrohy trojan 2.15.1 Jrohy trojan 2.15.2 Jrohy trojan 2.15.3 |
Source Information
| Source Data | Jrohy trojan 2.15.0 Jrohy trojan 2.15.1 Jrohy trojan 2.15.2 Jrohy trojan 2.15.3 |
|---|---|
| Source Link |
Description
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 6.3 (MEDIUM)