CVE-2025-26845: Eval Injection in Znuny through 7.1.3
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
AI Analysis
Technical Summary
CVE-2025-26845 is an eval injection (CWE-95, Improper Control of Generation of Code) in Znuny up to and including version 7.1.3. Znuny is an open-source ticketing and customer-support system forked from OTRS and widely used for IT service management. According to the description, content of the Znuny configuration file is evaluated as code when scripts/backup.pl runs, so anyone who can write to that file can plant code that executes with the identity of the account running the backup, typically a scheduled job under the Znuny service user or, in poorly set-up installations, root. The CVSS 3.1 base score recorded for this entry is 9.8 (critical), with a network vector and no privileges or user interaction required; note that this does not match the precondition stated in the description, which requires write access to the configuration file. In practice the issue is a privilege-escalation and persistence path rather than an unauthenticated remote entry point: an attacker who has already obtained write access to the file, through a compromised administrator account, a weak file permission or another vulnerability, turns that into command execution on the host and gains a foothold that is re-executed on every backup run. No patch or fixed release is linked on this page and no exploitation in the wild has been reported; given the attacker's position after exploitation, a successful attack can mean full compromise of the host, theft of ticket and customer data, and tampering with backup artifacts.
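The following is an added example, not Znuny's code and not the actual backup.pl: it shows the CWE-95 pattern the summary describes, a configuration value that is spliced into source text and handed to Perl's string eval, next to the hardened form that treats the value as data. The key=value file format, the BackupDir setting and the marker variable $main::INJECTED are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed configuration text standing in for a config file the backup
# script reads. Neither the format nor the BackupDir key is Znuny's own.
my $clean_config = <<'END';
BackupDir=/var/backups/znuny
DatabaseHost=localhost
END

# What an attacker with write access might plant: the value closes the
# string the vulnerable code wraps it in, runs arbitrary Perl, and then
# reopens the string so the script still gets a plausible directory back.
my $tampered_config = <<'END';
BackupDir=/tmp" . do { $main::INJECTED = "code ran as " . (getpwuid($<))[0]; "" } . "
DatabaseHost=localhost
END

sub parse_config {
    my ($text) = @_;
    my %cfg;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#|$)/;
        my ($key, $value) = split /=/, $line, 2;   # limit 2: values may contain '='
        $cfg{$key} = $value;
    }
    return \%cfg;
}

# VULNERABLE (CWE-95): the configured value is spliced into Perl source text
# and given to string eval, so a closing quote in the value ends the data
# and everything after it is executed as code, as the user running the script.
sub backup_dir_vulnerable {
    my ($cfg) = @_;
    my $dir = eval qq{"$cfg->{BackupDir}"};
    die "eval failed: $@" if $@;
    return $dir;
}

# HARDENED: treat the value as data only, validate its shape, never eval it.
sub backup_dir_safe {
    my ($cfg) = @_;
    my $dir = $cfg->{BackupDir} // die "BackupDir not set\n";
    $dir =~ m{\A/[\w./-]*\z}
        or die "BackupDir contains unexpected characters: $dir\n";
    return $dir;
}

for my $text ($clean_config, $tampered_config) {
    my $cfg = parse_config($text);

    $main::INJECTED = undef;
    my $dir = backup_dir_vulnerable($cfg);
    printf "vulnerable: dir=%s, injected=%s\n", $dir, $main::INJECTED // 'nothing';

    my $safe = eval { backup_dir_safe($cfg) };
    print "hardened:   ", defined $safe ? "dir=$safe\n" : "rejected, $@";
}
```

With the clean file both variants return the same directory; with the tampered file the vulnerable variant still returns /tmp, so nothing looks wrong to the caller, but the marker has been set by code that ran under the invoking account, while the hardened variant rejects the value before anything executes. The point is that a configuration file is an input like any other: once it is writable by anyone other than the account that trusts it, passing its contents to eval is equivalent to giving that writer a shell.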
Potential Impact
For European organizations running Znuny for IT service management or customer support, the practical risk is that anyone who gains write access to the configuration file, whether through a compromised administrator account, a misconfigured file permission or another vulnerability, can run commands as the account that executes backup.pl. That account needs read access to the database credentials and the whole data directory, and the script is often scheduled by cron on the application host itself, so the result is typically full compromise of the Znuny host: access to ticket and customer data, disruption of support operations, and a starting point for lateral movement. Because backup jobs run unattended and on a schedule, an implant planted in the configuration file also provides persistence that survives reboots and credential rotation until the file is cleaned. If the backup user can write to the backup destination as well, the integrity of existing backups, and with it disaster recovery capability, is at stake. The threat is not an unauthenticated remote one despite the recorded score; it is most severe where the configuration file is writable by more accounts than it should be, or where the backup job runs as root.
Mitigation Recommendations
No fixed release is linked on this page, so mitigation consists of denying the precondition. Restrict write access to the Znuny configuration files (Kernel/Config.pm in a standard install, plus anything it includes) to the service account and trusted administrators: the files should be owned by that account or root, must not be group- or world-writable, and should never be writable by the web server user if that differs from the service account. Run backup.pl as the unprivileged Znuny service user, never as root, and review the cron entries and wrapper scripts that invoke it. Put the configuration files under file-integrity monitoring and alert on any change; also alert when the backup job spawns child processes it does not normally spawn. Keep backup destinations on a separate host or an append-only store so that a compromised backup user cannot destroy earlier backups. Track Znuny's security advisories for a release that addresses the issue and upgrade when it is available. Until then, treat any unexplained modification of the configuration file as an incident: preserve the file for forensics, rotate the database credentials it contains, and re-check the backup user's permissions before re-enabling the job.
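As an added check for the two permission-related recommendations above (not part of the original page or of Znuny), the script below reports the owner and write bits of the configuration file and of backup.pl, and lists the system cron entries that invoke backup.pl together with the account they run as. The install directory /opt/znuny and the service user name znuny are assumed defaults, overridable through the ZNUNY_HOME and ZNUNY_USER environment variables.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':mode';

# Assumed layout and service account (override via environment); these are
# illustrative defaults, not values documented by this advisory.
my $home  = $ENV{ZNUNY_HOME} // '/opt/znuny';
my $owner = $ENV{ZNUNY_USER} // 'znuny';
my @files = ("$home/Kernel/Config.pm", "$home/scripts/backup.pl");

# Report ownership and write bits on a file that the backup job trusts.
sub audit_file {
    my ($path, $expected_owner) = @_;
    my @st = stat $path or return "$path: cannot stat: $!";
    my ($mode, $uid, $gid) = @st[2, 4, 5];
    my $user  = getpwuid($uid) // $uid;
    my $group = getgrgid($gid) // $gid;

    my @findings;
    push @findings, "owner is $user, expected $expected_owner or root"
        unless $user eq $expected_owner || $user eq 'root';
    push @findings, "group-writable by $group" if $mode & S_IWGRP;
    push @findings, "WORLD-WRITABLE"           if $mode & S_IWOTH;

    return sprintf "%s  %04o  %s:%s  %s", $path, S_IMODE($mode), $user, $group,
        @findings ? join('; ', @findings) : 'ok';
}

# Find system cron entries that invoke backup.pl and show which account runs
# them. Per-user crontabs (crontab -l -u <user>) are not covered here.
sub cron_runners {
    my @hits;
    for my $file ('/etc/crontab', glob('/etc/cron.d/*')) {
        open my $fh, '<', $file or next;
        while (my $line = <$fh>) {
            chomp $line;
            next if $line =~ /^\s*#/ || $line !~ /backup\.pl/;
            my @field = split ' ', $line;    # m h dom mon dow user command ...
            push @hits, { file => $file, user => $field[5] // '?', line => $line };
        }
        close $fh;
    }
    return @hits;
}

print audit_file($_, $owner), "\n" for @files;

my @runs = cron_runners();
print "no system cron entry references backup.pl\n" unless @runs;
for my $r (@runs) {
    my $flag = $r->{user} eq 'root' ? '  <-- runs as root' : '';
    print "$r->{file}: user=$r->{user}$flag\n    $r->{line}\n";
}
```

Any line other than "ok" for the configuration file means an account besides the service user or root can reach the precondition of this vulnerability; a cron entry flagged as root means a successful injection runs with full privileges. Run it as root (it only reads), and extend the file list if the installation keeps additional configuration under Kernel/Config/.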
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-02-15T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9818c4522896dcbd81e5
Added to database: 5/21/2025, 9:08:40 AM
Last enriched: 7/5/2025, 4:56:19 AM
Last updated: 7/30/2025, 6:13:49 PM
Related Threats
- CVE-2025-8959 (High): CWE-59 Improper Link Resolution Before File Access (Link Following) in HashiCorp Shared library
- CVE-2025-44201 (Unknown)
- CVE-2025-36088 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Storage TS4500 Library
- CVE-2025-43490 (Medium): CWE-59 Improper Link Resolution Before File Access ('Link Following') in HP, Inc. HP Hotkey Support Software
- CVE-2025-9060 (Critical): CWE-20 Improper Input Validation in MSoft MFlash