Critical Alert 1 Active Exploit Detected Today

CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability →
Powered by CVE Watchtower
×
June 6, 2026

CVE Watchtower


← Back to CVE List

CVE-2025-25269NVD

Vulnerability Summary

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
Severity Level
HIGH(8.4)
Published Date
Jul 8, 2025
Last Modified
Jul 11, 2025
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-78: OS Command Injection β†—
The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.
CVSS v3.1 Base Metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

External References