Vulnerability Description
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xiaoyunjie | Openvpn-Cms-Flask | < 1.2.8 |
Related Weaknesses (CWE)
References
- https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c2Patch
- https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24ExploitIssue TrackingVendor Advisory
- https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24#issuecomment-294856346ExploitIssue TrackingVendor Advisory
- https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8Release Notes
- https://vuldb.com/?ctiid.314091Permissions RequiredVDB Entry
- https://vuldb.com/?id.314091Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.602373Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-6775?
CVE-2025-6775 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creati...
How severe is CVE-2025-6775?
CVE-2025-6775 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6775?
Check the references section above for vendor advisories and patch information. Affected products include: Xiaoyunjie Openvpn-Cms-Flask.