Home > Vulnerability Database > CVE-2025-63916

Mend.io Vulnerability Database

CVE-2025-63916

Good to know:

Date: November 16, 2025

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user running the application. The vulnerability exists in the CMD() function within GIFSicleTool\Form_gif_sicle_tool.cs, which constructs shell commands by concatenating unsanitized user input (file paths) and executes them via cmd.exe.

Severity Score

8.1

Related Resources (5)

Url: https://github.com/luotengyuan/MyScreenTools/tree/master

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-63916

Url: https://github.com/cydtseng/Vulnerability-Research/blob/main/myscreentools/OSCommandInjection-GifCompression.md

Url: https://github.com/luotengyuan/MyScreenTools/blob/master/GIFSicleTool/Form_gif_sicle_tool.cs

Url: https://www.mend.io/vulnerability-database/CVE-2025-63916

Severity Score

8.1

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-63916

Good to know:

Date: November 16, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?