icon

We found results for “

CVE-2025-59518

Good to know:

icon
icon

Date: September 16, 2025

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

icon

Upgrade Version

Upgrade to version https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git - v2.16.7;https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git - v2.21.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us