CVE-2025-50428

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-50428

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50428.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-50428

Published

2025-08-27T17:15:41.443Z

Modified

2026-04-10T05:29:12.335376Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.

References

Affected packages

Git / github.com/raspap/raspap-webgui

Affected ranges

Type

GIT

Repo

https://github.com/raspap/raspap-webgui

Events

Introduced

Last affected

c3175459ab2fc4ac6fd3d9bc708daadbf77cf875

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.2"
        }
    ]
}

Affected versions

1.*

1.0

1.3.1

1.4.0

1.4.1

1.5

1.5.1

1.6

1.6.1

1.6.2

2.*

2.0

2.2

2.3

2.3.1

2.4

2.4-beta

2.4.1

2.5

2.5.1

2.5.2

2.6

2.6-beta

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.8.3

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0

3.0-beta

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.3.0

3.3.1

3.3.2

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50428.json"