CVE-2025-65530

EPSS 0.05%
Veröffentlicht 12.12.2025 00:00:00
Zuletzt bearbeitet 19.12.2025 20:00:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudlinux ≫ Ai-bolit Version < 32.7.4-1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.166

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

http://cloudlinux.com

Product

http://ai-bolit.com

Broken Link

https://blog.imunify360.com/security-advisory-imunify-ai-bolit-vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-65530

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65530

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65530

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-65530