CVE-2025-5030

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5030

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5030.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5030

Aliases

GHSA-w6p4-84vc-qc2w

Published

2025-05-21T17:15:59Z

Modified

2025-06-27T11:02:02.828053Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/ackites/killwxapkg

Affected ranges

Type: GIT
Repo: https://github.com/ackites/killwxapkg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

eb2d734e449d8b4affe724238eb84e1cfbcc173d

Affected versions

v1.*

v1.0.0

v1.1.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1