
CVE-2025-59518: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in lemonldap-ng LemonLDAP::NG

High
Published: Wed Sep 17 2025 (09/17/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: lemonldap-ng
Product: LemonLDAP::NG

Description

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not localize $_ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

AI-Powered Analysis

Last updated: 09/17/2025, 03:47:27 UTC

Technical Analysis

CVE-2025-59518 is a high-severity OS command injection vulnerability affecting LemonLDAP::NG, an open-source Web Single Sign-On (SSO) and Access Management system widely used for authentication and authorization in web environments. The vulnerability exists in versions prior to 2.16.7 and in 2.17 through 2.21 prior to 2.21.3. Specifically, the issue arises in the Safe jail component responsible for evaluating administrator-defined rules. The Safe jail fails to localize the Perl default variable ($_) during rule evaluation, which leads to improper neutralization of special elements used in OS commands (CWE-78). This flaw allows an authenticated administrator with permission to edit rules to inject and execute arbitrary OS commands on the underlying server hosting LemonLDAP::NG. The vulnerability has a CVSS 3.1 score of 8.0, indicating high severity: the attack vector is network (remote exploitation possible), attack complexity is high, administrator-level privileges are required, no user interaction is needed, and the scope is changed, with high impact on confidentiality, integrity, and availability. Successful exploitation could lead to full system compromise, data exfiltration, service disruption, or lateral movement within the network. No known public exploits have been reported yet, but the presence of an exploitable injection vector in an authentication gateway product makes this a critical concern for organizations relying on LemonLDAP::NG for access control.

Potential Impact

For European organizations, the impact of this vulnerability can be significant. LemonLDAP::NG is used by various public sector entities, universities, and enterprises across Europe for centralized authentication and access management. Exploitation could allow attackers to bypass authentication controls, execute arbitrary commands on critical servers, and compromise sensitive user credentials or internal systems. This could lead to unauthorized access to protected resources, data breaches involving personal or confidential information subject to GDPR, and disruption of essential services. Given the role of LemonLDAP::NG as a gatekeeper for multiple applications, a successful attack could cascade into broader network compromise, affecting business continuity and trust. The high privilege requirement limits exploitation to insiders or compromised administrator accounts, but the potential damage remains severe, especially in regulated industries and government sectors prevalent in Europe.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately upgrade LemonLDAP::NG to version 2.16.7 or later (on the 2.16 branch) or to 2.21.3 or later, where the issue is patched. Until upgrades are applied, restrict rule editing permissions strictly to trusted administrators and implement enhanced monitoring of rule changes and server command execution logs. Employ network segmentation to isolate LemonLDAP::NG servers from less trusted networks and use host-based intrusion detection systems to detect anomalous command executions. Additionally, conduct regular audits of administrator activities and enforce multi-factor authentication for administrative access to reduce the risk of credential compromise. Consider deploying application-layer firewalls or WAFs with custom rules to detect and block suspicious command injection patterns targeting the Safe jail component. Finally, maintain an incident response plan tailored to identity management infrastructure compromise scenarios.
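The affected ranges above have two branches with separate fix points (anything before 2.16.7, and 2.17 through 2.21 before 2.21.3), which is easy to get wrong when triaging an inventory of installed versions by hand. The following checker is an added example written for this page; it is not code from the advisory or from the LemonLDAP::NG project, and it assumes only the version ranges stated in the description. The sample version strings in it are constructed, including distribution-style suffixes that a naive string comparison would mishandle.

```python
"""Triage LemonLDAP::NG version strings against the CVE-2025-59518 affected ranges.

Affected (per the advisory text): any release before 2.16.7, and 2.17 through
2.21 before 2.21.3. Constructed example, not part of the advisory or the project.
"""
import re
import sys

FIXED_216 = (2, 16, 7)   # first fixed release on the 2.16 branch
FIRST_217 = (2, 17, 0)   # start of the second affected range
FIXED_221 = (2, 21, 3)   # first fixed release on the 2.21 branch


def parse_version(text):
    """Return (major, minor, patch) from a version string.

    Distribution suffixes such as '+ds-1' or '-1~bpo12+1' are ignored, and a
    missing patch component (e.g. '2.17') is treated as .0.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(text):
    """True if the version falls inside either affected range."""
    v = parse_version(text)
    if v < FIXED_216:
        return True                     # everything before 2.16.7
    if FIRST_217 <= v < FIXED_221:
        return True                     # 2.17.0 .. 2.21.2
    return False                        # 2.16.7+, 2.21.3+, 2.22+


def triage(versions):
    """Map each version string to its affected status."""
    return {s: is_affected(s) for s in versions}


if __name__ == "__main__":
    # Constructed sample inventory; pass real version strings as arguments instead.
    sample = sys.argv[1:] or ["2.16.6", "2.16.7", "2.17", "2.21.2", "2.21.3-1~bpo12+1", "2.22.0"]
    for version, affected in triage(sample).items():
        print(f"{version:>20}  {'AFFECTED' if affected else 'not affected'}")
```

Note that 2.16.8 or a later 2.16.x release is reported as not affected because the description fixes the first range at 2.16.7, while 2.17.0 is affected even though it is newer than 2.16.7; a plain "is it newer than the fix" comparison would miss that second branch.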


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-17T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ca2bd1571b2840ff02c442

Added to database: 9/17/2025, 3:32:33 AM

Last enriched: 9/17/2025, 3:47:27 AM

Last updated: 9/17/2025, 5:53:49 AM
