CVE-2025-1244

HIGH EPSS 83.9%

Published Feb 12, 20251y ago · Modified Jun 25, 20265d ago

8.8 CVSS 3.1

High

Published Feb 12, 2025 1y ago

Last Modified Jun 25, 2026 5d ago

Description

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

83.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

References 17

openwall.com http://www.openwall.com/lists/oss-security/2025/03/01/2
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1915
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1917
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1961
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1962
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1963
access.redhat.com https://access.redhat.com/errata/RHSA-2025:1964
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2022
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2130
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2157
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2195
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2754
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-1244
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2345150
debbugs.gnu.org https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
git.savannah.gnu.org https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.