CVE-2025-1244

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1244
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:1915
https://access.redhat.com/errata/RHSA-2025:1917
https://access.redhat.com/errata/RHSA-2025:1961
https://access.redhat.com/errata/RHSA-2025:1962
https://access.redhat.com/errata/RHSA-2025:1963
https://access.redhat.com/errata/RHSA-2025:1964
https://access.redhat.com/errata/RHSA-2025:2022
https://access.redhat.com/errata/RHSA-2025:2130
https://access.redhat.com/errata/RHSA-2025:2157
https://access.redhat.com/errata/RHSA-2025:2195
https://access.redhat.com/errata/RHSA-2025:2754
https://access.redhat.com/security/cve/CVE-2025-1244
https://bugzilla.redhat.com/show_bug.cgi?id=2345150
http://www.openwall.com/lists/oss-security/2025/03/01/2
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html
Configurations

No configuration.

History

03 Nov 2025, 21:18

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html -
Information

Published : 2025-02-12 15:15

Updated : 2025-11-03 21:18

NVD link : CVE-2025-1244

Mitre link : CVE-2025-1244

CVE.ORG link : CVE-2025-1244

JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')