CVE-2025-34099P2CRITICALCVSS 9.3PoC≥ 2.9 RC1, ≤ 2.13 RC12025-07-10
CVE-2025-34099 [CRITICAL] CWE-20 CVE-2025-34099: An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly to a call to exec() without adequate sanitation. T
nvd