CVE-2025-51958 identifies a remote code execution vulnerability in the aelsantex runcommand plugin for DokuWiki, specifically in the file lib/plugins/runcommand/postaction.php. This vulnerability allows unauthenticated attackers to execute arbitrary system commands on the server hosting the DokuWiki instance. The attack vector involves sending crafted requests to the vulnerable PHP script, which fails to properly sanitize or validate input parameters before passing them to system-level command execution functions. As a result, attackers can run arbitrary commands with the privileges of the web server process, potentially leading to full system compromise. The vulnerability does not require authentication or user interaction, increasing its risk profile. No CVSS score has been assigned yet, and no public exploits have been reported, but the technical details indicate a high severity due to the nature of remote code execution. The plugin affected is a third-party extension for DokuWiki, a popular open-source wiki software often used in enterprise, educational, and government environments. The lack of patch information suggests that either no fix has been released or it is not publicly documented, emphasizing the need for immediate mitigation steps by administrators.

For European organizations, the impact of this vulnerability can be substantial. DokuWiki is widely used in sectors such as education, government, and small to medium enterprises across Europe for documentation and collaboration. Exploitation could lead to unauthorized access to sensitive information, data manipulation, or complete system takeover. Attackers could deploy malware, establish persistent backdoors, or disrupt services, affecting business continuity and data confidentiality. Given the unauthenticated nature of the exploit, attackers can target exposed DokuWiki instances directly from the internet, increasing the likelihood of attacks. This could also lead to reputational damage and regulatory consequences under GDPR if personal or sensitive data is compromised. The absence of known exploits currently provides a window for proactive defense, but the risk remains high due to the ease of exploitation and potential for severe damage.

1. Immediately identify and disable or remove the aelsantex runcommand plugin from all DokuWiki installations. 2. If removal is not feasible, restrict access to the vulnerable postaction.php script using web server configuration (e.g., IP whitelisting or authentication). 3. Implement strict input validation and sanitization on any user-supplied data passed to system commands, if custom patches are applied. 4. Monitor web server logs and network traffic for unusual or suspicious requests targeting the plugin’s PHP scripts. 5. Employ web application firewalls (WAFs) with rules designed to detect and block command injection attempts. 6. Regularly update DokuWiki and all plugins to their latest versions and subscribe to vendor or community security advisories. 7. Conduct security audits and penetration testing focused on web application vulnerabilities, especially on wiki platforms. 8. Educate system administrators about the risks of third-party plugins and the importance of minimal privilege principles for web services.