← volver
CVE-2025-55037

CVE-2025-55037

CVSS 9.3 CRITICALEPSS 2.7%CWE-78
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
kujirahand · TkEasyGUI

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/kujirahand/tkeasygui-python/releases/tag/v1.0.22https://jvn.jp/en/jp/JVN48739895/