CVE-2025-67728: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in ShaneIsrael fireshare
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or an unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a shell command, which can be used for uploading files to arbitrary directories via path traversal, or executing system commands for Remote Code Execution (RCE). This issue is fixed in version 1.3.0.
AI Analysis
Technical Summary
CVE-2025-67728 is a critical command injection vulnerability affecting ShaneIsrael's fireshare software, a self-hosted media and link sharing platform. Versions 1.2.30 and earlier improperly handle filenames during video file uploads. Specifically, the application concatenates the uploaded filename directly into a shell command without proper sanitization or neutralization of special characters. This flaw allows an attacker to craft a malicious filename containing shell metacharacters or path traversal sequences. When processed, these filenames can cause the server to execute arbitrary system commands or write files to arbitrary directories, leading to remote code execution (RCE). The vulnerability can be exploited by any authenticated user, or by unauthenticated users if the Public Uploads feature is enabled, significantly broadening the attack surface. The issue is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command) and has a CVSS v3.1 base score of 9.8, reflecting its critical impact on confidentiality, integrity, and availability without requiring privileges or user interaction. No known exploits are currently reported in the wild, but the ease of exploitation and severity make it a high-risk vulnerability. The vendor fixed this issue in fireshare version 1.3.0 by properly sanitizing filenames and preventing command injection.
Potential Impact
For European organizations, this vulnerability poses a severe risk. Exploitation can lead to full system compromise, data theft, unauthorized data modification, or service disruption. Organizations using fireshare for internal or external media sharing could have sensitive data exposed or manipulated. The ability to upload files to arbitrary directories can facilitate persistent backdoors or malware installation. Public-facing fireshare instances with Public Uploads enabled are especially vulnerable to unauthenticated attacks, increasing the likelihood of widespread exploitation. This can impact confidentiality by exposing sensitive media, integrity by altering or deleting files, and availability by disrupting services or causing system crashes. The critical nature of the vulnerability means attackers can achieve complete control over affected servers, potentially pivoting to other internal systems. Compliance with GDPR and other European data protection regulations could be jeopardized if personal data is compromised due to this vulnerability.
Mitigation Recommendations
European organizations should immediately upgrade fireshare installations to version 1.3.0 or later, where the vulnerability is patched. Until the upgrade is applied, disable the Public Uploads feature to prevent unauthenticated exploitation. Implement strict input validation and sanitization on filenames at the application level to block special characters and path traversal sequences. Employ application-layer firewalls or intrusion detection systems to monitor and block suspicious upload requests. Restrict file upload permissions and isolate the fireshare service in a hardened environment with minimal privileges to limit potential damage. Regularly audit and monitor logs for unusual upload activity or command execution attempts. Educate administrators and users about the risks of uploading files with suspicious names. Finally, maintain an incident response plan to quickly address any signs of compromise related to this vulnerability.
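As an added illustration (not fireshare's own code) of the filename handling the analysis and mitigation text describe, the Python below places the concatenation anti-pattern next to a hardened form: the filename is checked against a character allow-list and an extension allow-list, confined to the upload root, and passed to the media tool as a single argv element so no shell ever parses it. The upload root, the allow-lists and the ffprobe invocation are assumptions for this example.

```python
import re
from pathlib import Path

# Constructed upload root for this example; not fireshare's real layout.
UPLOAD_ROOT = Path("/srv/uploads").resolve()

# Conservative allow-list: letters, digits, dot, underscore and hyphen only, so
# shell metacharacters, spaces and directory separators never get through.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")
ALLOWED_EXT = {".mp4", ".mkv", ".webm", ".mov"}  # assumed accepted video types

def validate_filename(name: str) -> str:
    """Return the bare filename if it is safe, otherwise raise ValueError."""
    base = Path(name).name  # drop any client-supplied directory components
    if base != name or base in ("", ".", ".."):
        raise ValueError("filename must not contain path components")
    if not SAFE_NAME.fullmatch(base):
        raise ValueError("filename contains disallowed characters")
    if Path(base).suffix.lower() not in ALLOWED_EXT:
        raise ValueError("unsupported extension")
    return base

def is_safe_filename(name: str) -> bool:
    """Boolean wrapper around validate_filename for callers that only need a verdict."""
    try:
        validate_filename(name)
        return True
    except ValueError:
        return False

def destination_path(name: str) -> Path:
    """Resolve the final path and confirm it lies directly under UPLOAD_ROOT."""
    dest = (UPLOAD_ROOT / validate_filename(name)).resolve()
    if dest.parent != UPLOAD_ROOT:
        raise ValueError("path escapes upload root")
    return dest

def vulnerable_command(name: str) -> str:
    """The CWE-77 anti-pattern from the advisory: the raw filename becomes shell syntax."""
    return "ffprobe -v error -show_format /srv/uploads/" + name  # never hand this to shell=True

def safe_command(name: str) -> list[str]:
    """Hardened form: an argv list for subprocess.run(..., shell=False), so the filename
    is one opaque argument and is never interpreted by a shell."""
    return ["ffprobe", "-v", "error", "-show_format", str(destination_path(name))]
```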
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-10T20:04:28.289Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693bc168e6d9263eb359d8c0
Added to database: 12/12/2025, 7:16:56 AM
Last enriched: 12/12/2025, 7:28:11 AM
Last updated: 12/12/2025, 10:40:13 AM