CVE-2025-55037

Source
https://cve.org/CVERecord?id=CVE-2025-55037
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55037.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-55037
Aliases
Published
2025-09-05T06:15:32.303Z
Modified
2026-06-29T12:26:27.541117313Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

An improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If the settings are configured to construct messages from external sources, a remote unauthenticated attacker who exploits this vulnerability may execute an arbitrary OS command.

References

Affected packages

Git / github.com/kujirahand/tkeasygui-python

Affected ranges

Type
GIT
Repo
https://github.com/kujirahand/tkeasygui-python
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.2.55
0.2.57
0.2.63
0.2.67
0.2.68
0.2.69
0.2.71
0.2.72
0.2.73
0.2.74
0.2.75
0.2.76
0.2.77
1.*
1.0.11
1.0.12
1.0.13
1.0.14
1.0.16
1.0.17
1.0.18
1.0.2
1.0.20
1.0.21
1.0.3
1.0.4
1.0.7
1.0.8
1.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55037.json"