CVE-2025-0655
published 2025-03-20


Critical 9.8
EXPLOIT
Duplicate Advisory: D-Tale Command Injection vulnerability

## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references.

## Original Description
A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system commands, leading to remote code execution (RCE). This issue is addressed in version 3.16.1.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| man-group | dtale | >= 0 < 3.17.0 | 3.17.0 |