CVE-2025-61141 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and conf…
High CVSS: 7.5

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.
Vendor
-
Product
-
CWE
CWE-77
Yayın Tarihi
2025-10-30 20:15:39
Güncelleme
2025-11-04 15:41:56
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-77 HIGH 2025

Referanslar

https://advisory.dw1.io/54/ https://github.com/sqls-server/sqls/ https://lukmanern.github.io/CVE-2025-61141.html