AI description
CVE-2025-26817 is an OS command injection vulnerability found in Netwrix Password Secure version 9.2.0.32454. The vulnerability allows an attacker to execute arbitrary operating system commands on the affected system. Successful exploitation could lead to unauthorized access, data theft, and system compromise, and the system could be used as a launching point for further network attacks. An authenticated attacker can create a malformed shared document that, when opened by the target user, can result in arbitrary code execution.
- Description: Netwrix Password Secure 9.2.0.32454 allows OS command injection.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-78
- Hype score: Not currently trending
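A serious vulnerability (CVE-2025-26817) has been discovered in Netwrix Password Secure. All versions up to and including 9.2.2 are affected, and an authenticated attacker may be able to execute arbitrary code.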
@yousukezan
22 May 2025
CVE-2025-26817 netwrix rce https://t.co/BMHvms4tZy #BugBounty #bugbountytips #hackerone
@NitinGavhane_
22 May 2025
Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817) https://t.co/i9rePH63E9
@Dinosn
22 May 2025
Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817) https://t.co/qt2pB5RoJz https://t.co/RhSAS9nEGZ
@secharvesterx
22 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netwrix:password_secure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EF3F164-0C88-4F42-9C40-0615AF122C36",
            "versionEndExcluding": "9.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]