CVE-2025-26845 — Code Injection in Znuny

CWE-94 — Code Injection CWE-95 — Eval Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 38.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Znuny Debian Znuny

Timeline

PublishedMay 8

Description

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/znuny< znuny 6.5.13-1 (forky)

▶Debianznuny/znuny< 6.5.13-1+1

▶NVDznuny/znuny6.0.31 — 6.0.48+2

🔴Vulnerability Details

OSV

CVE-2025-26845: An Eval Injection issue was discovered in Znuny through 7↗2025-05-08

▶

GHSA

GHSA-8hx2-3q2m-9xxf: An Eval Injection issue was discovered in Znuny through 7↗2025-05-08

▶

📋Vendor Advisories

Debian

CVE-2025-26845: znuny - An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write...↗2025

▶