CVE-2025-0655

Published Mar 20, 2025

Last updated 2 months ago

CVE-2024-55890
D-Tale

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-0655 is a vulnerability that affects man-group's D-Tale software, specifically version 3.15.1. It allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is normally restricted to trusted environments. Once this feature is enabled, an attacker can exploit the `/test-filter` endpoint to execute arbitrary system commands. This leads to remote code execution (RCE). The vulnerability is addressed in version 3.16.1, which implements validation checks to prevent unauthorized updates to the `enable_custom_filters` setting. Note that CVE-2025-0655 was at one point rejected as a duplicate of CVE-2024-55890.

Description
Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: security@huntr.dev
NVD status: Rejected

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. CVE-2025-0655 – #Remote_Code_Execution in D-Tale via Unprotected Custom Filters https://t.co/ap3oxBKcUh https://t.co/GJ7shiCHZI

    @omvapt

    31 May 2025

    23 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. Deep Dive: CVE-2025-0655 (Critical RCE in D-Tale) A misused config + unsafe eval() = full remote code execution. Unauthenticated attackers can toggle a global flag and run system commands via an exposed API in D-Tale v3.15.1. ⚠️ CVSS 9.8 | EPSS 85.91% See how the exploit

    @offsectraining

    29 May 2025

    13280 Impressions, 13 Retweets, 109 Likes, 48 Bookmarks, 2 Replies, 0 Quotes

  3. 🚨 CRITICAL Severity man-group/dtale Vulnerability (CVE-2025-0655) 🚨 man-group/dtale (3.1) has a CWE-78 Improper Neutralization of Special Elements used in an OS Command flaw. A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state s

    @AyushInfo57268

    4 Apr 2025

    3 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. 🚨 CRITICAL Severity man-group/dtale Vulnerability (CVE-2025-0655) 🚨 man-group/dtale (3.1) has a CWE-78 Improper Neutralization of Special Elements used in an OS Command flaw. A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state s

    @SecurtyRating

    4 Apr 2025

    2 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. [CVE-2025-0655: CRITICAL] Critical vulnerability in man-group/dtale v3.15.1 allows attackers to enable custom filters leading to remote code execution. Update to v3.16.1 to fix the issue. #cybersecurity, #vulnerability https://t.co/CK9Mnb81Mh https://t.co/njtS5obFjh

    @CveFindCom

    20 Mar 2025

    11 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
