Home > Vulnerability Database > CVE-2025-59518

Mend.io Vulnerability Database

CVE-2025-59518

Good to know:

Date: September 16, 2025

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

Severity Score

8.0

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59518

Url: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462

Url: https://security-tracker.debian.org/tracker/CVE-2025-59518

Url: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9

Url: https://www.mend.io/vulnerability-database/CVE-2025-59518

Severity Score

8.0

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

Upgrade Version

Upgrade to version https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git - v2.16.7;https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git - v2.21.3

Learn More

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59518

Good to know:

Date: September 16, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?