CVE-2025-24962 — HIGH (8.8)

Vulnerability Description

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Yogeshojha	Rengine	2.2.0

Related Weaknesses (CWE)

CWE-74

References

https://github.com/yogeshojha/rengine/commit/c28e5c8d304478a787811580b4d80b33092Patch
https://github.com/yogeshojha/rengine/security/advisories/GHSA-cg75-ph7x-5rr9ExploitVendor Advisory

FAQ

What is CVE-2025-24962?

CVE-2025-24962 is a vulnerability with a CVSS score of 8.8 (HIGH). reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` a...

How severe is CVE-2025-24962?

CVE-2025-24962 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-24962?

Check the references section above for vendor advisories and patch information. Affected products include: Yogeshojha Rengine.