CVE-2025-67728 is a command injection vulnerability classified under CWE-77 affecting ShaneIsrael's Fireshare, a self-hosted media and link sharing application. Versions prior to 1.3.0 improperly handle user-supplied filenames during video file uploads. Specifically, the filename is concatenated directly into a shell command without proper sanitization or neutralization of special characters. This flaw enables attackers to craft malicious filenames containing shell metacharacters or path traversal sequences, which the system executes on the host. The vulnerability can be exploited by authenticated users or unauthenticated users if the Public Uploads feature is enabled, allowing attackers to upload files to arbitrary directories or execute arbitrary system commands remotely. The impact includes remote code execution, full system compromise, data exfiltration, and disruption of service. The vulnerability has a CVSS 3.1 base score of 9.8, reflecting its critical nature with network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet, but the ease of exploitation and severity necessitate urgent remediation. The vendor fixed the issue in Fireshare version 1.3.0 by properly sanitizing filenames and preventing command injection.

For European organizations, this vulnerability poses a severe risk due to potential full system compromise via remote code execution. Attackers could gain unauthorized access to sensitive media files, exfiltrate confidential data, or disrupt business operations by executing arbitrary commands on the server hosting Fireshare. Organizations relying on Fireshare for internal or external media sharing could face data breaches, ransomware deployment, or service outages. The ability for unauthenticated users to exploit the flaw if Public Uploads is enabled broadens the attack surface significantly. Given the criticality and ease of exploitation, this vulnerability could be leveraged in targeted attacks against media companies, educational institutions, or any entity using Fireshare in Europe. The impact extends to loss of customer trust, regulatory penalties under GDPR for data breaches, and operational downtime.

1. Immediately upgrade all Fireshare instances to version 1.3.0 or later, where the vulnerability is fixed. 2. If upgrading is not immediately possible, disable the Public Uploads feature to prevent unauthenticated exploitation. 3. Implement strict input validation and sanitization on filenames and any user-supplied data before processing or passing to shell commands. 4. Employ application-level sandboxing or containerization to limit the impact of potential command execution. 5. Monitor logs for suspicious upload activity or unusual command executions. 6. Restrict network access to Fireshare servers to trusted users and networks only. 7. Conduct regular security audits and penetration testing focusing on file upload functionalities. 8. Educate administrators and users about the risks of enabling public uploads and encourage secure configuration practices.