Vulnerability Description
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user running the application. The vulnerability exists in the CMD() function within GIFSicleTool\Form_gif_sicle_tool.cs, which constructs shell commands by concatenating unsanitized user input (file paths) and executes them via cmd.exe.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Luotengyuan | Myscreentools | <= 2.2.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/cydtseng/Vulnerability-Research/blob/main/myscreentools/OSComThird Party AdvisoryExploitMitigation
- https://github.com/luotengyuan/MyScreenTools/blob/master/GIFSicleTool/Form_gif_sProduct
- https://github.com/luotengyuan/MyScreenTools/tree/masterProduct
FAQ
What is CVE-2025-63916?
CVE-2025-63916 is a vulnerability with a CVSS score of 8.1 (HIGH). MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cm...
How severe is CVE-2025-63916?
CVE-2025-63916 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-63916?
Check the references section above for vendor advisories and patch information. Affected products include: Luotengyuan Myscreentools.