Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baud_rate, core, and autoreset within the /admin/upload-custom-firmware endpoint.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/60xxx/CVE-2025-60938.json",
"cna_assigner": "mitre"
}