CVE-2025-55322

OmniParser Remote Code Execution Vulnerability

CVSS 7.3 HIGH · EPSS 0.3% · CWE-1327

In short

OmniParser binds to all network interfaces without access controls, allowing anyone on the network to send commands that execute code on the affected server. This is dangerous because it exposes a critical service to unauthorized remote execution.

Technical detail

The vulnerability exists due to binding to 0.0.0.0 or equivalent unrestricted addresses without authentication or network segmentation. An unauthenticated network attacker can connect to the exposed service and trigger remote code execution, potentially compromising the entire system.
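
A defender-side check for the exposure described above, as an added example that is not part of the original advisory or of OmniParser's code: it parses Linux `/proc/net/tcp`-format text and reports TCP listeners bound to the wildcard address (`0.0.0.0` or `::`). The sample rows and port numbers are constructed, and a little-endian host is assumed.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp and /proc/net/tcp6

# Constructed samples in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 0100007F:1F41 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0100007F:9C40 0100007F:1F41 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:1F91 00000000000000000000000000000000:0000 0A
"""

def decode_addr(field):
    """Decode the kernel's hex 'ADDR:PORT' field into (ip_address, port)."""
    host_hex, port_hex = field.split(":")
    raw = bytes.fromhex(host_hex)
    # The kernel prints each 32-bit word in host byte order; assuming a
    # little-endian host, reverse every 4-byte group to get network order.
    packed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(packed), int(port_hex, 16)

def wildcard_listeners(proc_text):
    """Return (address, port) for every LISTEN socket bound to 0.0.0.0 or ::."""
    findings = []
    for line in proc_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:   # ignore non-listening sockets
            continue
        ip, port = decode_addr(cols[1])
        if ip.is_unspecified:                    # wildcard bind: all interfaces
            findings.append((str(ip), port))
    return findings

if __name__ == "__main__":
    for text in (SAMPLE_TCP, SAMPLE_TCP6):
        for addr, port in wildcard_listeners(text):
            print(f"listener on all interfaces: {addr} port {port}")
```

On a live Linux host, pass the contents of `/proc/net/tcp` and `/proc/net/tcp6` to `wildcard_listeners` and review each reported port for authentication and firewall coverage.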

Summary generated and translated by AI from the official description.
Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
Affected products
Microsoft · OmniParser
