CVE-2025-6900
published 2025-06-30CVE-2025-6900: A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.33%
24.3th percentile
A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code-projects | library_system | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cisa7.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rrwj-g54j-vqmm: A vulnerability has been found in code-projects Library System 1
ghsa_unreviewed·2025-06-30
CVE-2025-6900 [MEDIUM] CWE-284 GHSA-rrwj-g54j-vqmm: A vulnerability has been found in code-projects Library System 1
A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CISA
Mitel SIP Phones Argument Injection Vulnerability
cisa·2025-02-12·CVSS 7.2
CVE-2024-41710 [HIGH] CWE-88 Mitel SIP Phones Argument Injection Vulnerability
Vulnerability: Mitel SIP Phones Argument Injection Vulnerability
Affected: Mitel SIP Phones
Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710
Remediation Due Date: 2025-03-05
No detection rules found.
Nuclei
Mitel 6000 - OS Command Injection
nuclei·CVSS 6.5
CVE-2025-47188 [MEDIUM] Mitel 6000 - OS Command Injection
Mitel 6000 - OS Command Injection
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. This template should be run on port 49249/tcp.
Template:
id: CVE-2025-47188
info:
name: Mitel 6000 - OS Command Injection
severity: critical
author: matejsmycka
description: |
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection att
No writeups or analysis indexed.
2025-06-30
Published