CVE-2025-2421

Remote Code Execution in Profelis Informatics' SambaBox

CVSS 9.8 CRITICALEPSS 0.5%CWE-94

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Profelis Informatics · SambaBox

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sambabox.io/2025/04/14/version-5-1/https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0101 https://www.usom.gov.tr/bildirim/tr-25-0101