CVE-2025-57799: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in lemon8866 StreamVault
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.
AI Analysis
Technical Summary
CVE-2025-57799 is a high-severity OS command injection vulnerability (CWE-78) affecting lemon8866's StreamVault, a multi-platform video parsing and downloading tool. The vulnerability exists in versions prior to 250822. After authenticating to the StreamVault system, an attacker with at least limited privileges can modify certain system parameters that are improperly sanitized, allowing them to inject and execute arbitrary operating system commands. This leads to remote command execution on the server hosting StreamVault, potentially resulting in full server compromise and privilege escalation. The vulnerability does not require user interaction beyond logging in, and no additional authentication bypass is needed beyond valid credentials. The CVSS 4.0 score is 8.7 (high), reflecting the network attack vector, low attack complexity, no privileges required beyond login, no user interaction, and high impact on confidentiality, integrity, and availability. The vulnerability has been patched in version 250822. However, systems running older versions with default or weak passwords remain at risk. No known exploits are currently reported in the wild, but the ease of exploitation and impact make this a critical concern for affected users.
Potential Impact
For European organizations using StreamVault, this vulnerability poses a significant risk. Successful exploitation can lead to full server compromise, allowing attackers to access sensitive video data, manipulate or delete content, disrupt services, or use the compromised server as a foothold for lateral movement within the network. Given StreamVault's role in video parsing and downloading, organizations in media, surveillance, broadcasting, or content delivery sectors are particularly vulnerable. The compromise of video data can lead to confidentiality breaches, intellectual property theft, and reputational damage. Additionally, attackers gaining server privileges could disrupt critical operations or launch further attacks. The risk is heightened if organizations have not updated to the patched version or maintain weak authentication practices. The lack of required user interaction and network accessibility of the service increases the likelihood of remote exploitation.
Mitigation Recommendations
European organizations should immediately verify their StreamVault version and upgrade to version 250822 or later to apply the official patch. Until patched, restrict access to the StreamVault management interface via network segmentation and firewall rules to trusted administrators only. Enforce strong, unique passwords and consider implementing multi-factor authentication if supported. Monitor logs for unusual parameter changes or command execution attempts. Employ application-layer firewalls or intrusion detection systems capable of detecting command injection patterns. Regularly audit and harden server configurations hosting StreamVault to minimize attack surface. Additionally, conduct internal penetration testing to verify the absence of exploitation and ensure that no unauthorized commands have been executed. Maintain an incident response plan tailored to potential server compromises involving StreamVault.
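One way to act on the log-monitoring recommendation above, as an added example that is not StreamVault's code or part of the original advisory: a Python scan of settings-change audit records for values that contain shell control syntax. The JSON-lines schema, the parameter names and the sample records are constructed assumptions; the match is a heuristic and will also flag legitimate values such as URLs containing `&`.

```python
import json
import re

# Tokens a shell treats as control syntax: separators, pipes, command
# substitution, redirection and embedded newlines. Heuristic only.
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")

# Constructed sample audit records (JSON lines). Field and parameter names
# are assumptions for this example, not StreamVault's real log schema.
SAMPLE_LOG = """\
{"ts": "2025-09-01T10:02:11Z", "user": "admin", "param": "download.dir", "new": "/data/videos"}
{"ts": "2025-09-01T10:05:40Z", "user": "admin", "param": "tool.path", "new": "/usr/bin/tool; id"}
{"ts": "2025-09-01T10:06:02Z", "user": "admin", "param": "tool.args", "new": "--quality $(hostname)"}
not-json garbage line
{"ts": "2025-09-01T10:09:30Z", "user": "ops", "param": "proxy.url", "new": "http://proxy.internal:3128"}
"""


def flag_value(value):
    """Return the sorted shell control tokens found in a parameter value."""
    return sorted(set(SHELL_META.findall(value)))


def scan_audit(text):
    """Return findings for changes whose new value contains shell syntax."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            value = str(rec["new"])
        except (ValueError, KeyError, TypeError):
            # Report unreadable records too: gaps in an audit trail matter.
            findings.append({"line": lineno, "reason": "unparseable"})
            continue
        tokens = flag_value(value)
        if tokens:
            findings.append({"line": lineno, "reason": "shell-syntax",
                             "user": rec.get("user"), "param": rec.get("param"),
                             "tokens": tokens})
    return findings


if __name__ == "__main__":
    for finding in scan_audit(SAMPLE_LOG):
        print(finding)
```

Any hit on a host that ran a version earlier than 250822 is a reason to review that account's session and the server's process history, not proof of compromise on its own.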
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-20T14:30:35.009Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68b5c3a1ad5a09ad00d0bec1
Added to database: 9/1/2025, 4:02:41 PM
Last enriched: 9/1/2025, 4:17:43 PM
Last updated: 9/3/2025, 5:29:54 PM