CVE-2025-63601

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-63601

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63601.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-63601

Published

2025-11-05T16:15:40.897Z

Modified

2026-03-14T12:48:23.722181Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.

References

Affected packages

Git / github.com/grokability/snipe-it

Affected ranges

Type: GIT
Repo: https://github.com/grokability/snipe-it
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

44ef39e419c02a3307efde977341db9ce138c892

Type

GIT

Repo

https://github.com/snipe/snipe-it

Events

Introduced

Fixed

44ef39e419c02a3307efde977341db9ce138c892

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.3.3"
        }
    ]
}

Affected versions

3.*

3.2.0

5.*

5.1.7

V5.*

V5.4.0

v3.*

v3.0

v3.0-alpha

v3.0-alpha2

v3.0-beta.1

v3.0-beta.2

v3.0-beta.3

v3.0.0-beta

v3.1.0

v3.3.0

v3.3.0-beta

v3.4

v3.4.0-alpha

v3.4.0-beta

v3.5.0

v3.5.0-beta

v3.5.0-beta2

v3.5.1

v3.5.2

v3.6.0

v3.6.0-pre

v3.6.1

v3.6.1-pre

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

Other

v4-beta3

v4-beta4

v4.*

v4.0

v4.0-alpha

v4.0-alpha-2

v4.0-beta

v4.0-beta2

v4.0-beta5

v4.0-beta6

v4.0.1

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.14

v4.0.15

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.1.0-beta

v4.1.0-beta2

v4.1.1

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.2.0

v4.3.0

v4.4.0

v4.4.1

v4.5.0

v4.6.0

v4.6.1

v4.6.10

v4.6.11

v4.6.12

v4.6.13

v4.6.14

v4.6.15

v4.6.16

v4.6.17

v4.6.18

v4.6.2

v4.6.3

v4.6.4

v4.6.5

v4.6.6

v4.6.7

v4.6.8

v4.6.9

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.7

v4.7.8

v4.8.0

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v5.*

v5.0.0

v5.0.0-beta-1.0

v5.0.0-beta-1.1

v5.0.0-beta-2

v5.0.0-beta-3.0

v5.0.0-beta-4

v5.0.0-beta-5

v5.0.0-beta-6-GM

v5.0.0-beta-7-GM

v5.0.1

v5.0.10

v5.0.11

v5.0.12

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.1.6

v5.1.7

v5.1.8

v5.2.0

v5.3.0

v5.3.1

v5.3.10

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.3.8

v5.3.9

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v6.*

v6.0.0

v6.0.0-GM

v6.0.0-RC-1

v6.0.0-RC-2

v6.0.0-RC-3

v6.0.0-RC-4

v6.0.0-RC-5

v6.0.0-RC-6

v6.0.0-RC-7

v6.0.0-RC-8

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1.0

v6.1.0-pre

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.3.0

v6.3.1

v6.3.2

v6.3.3

v6.3.4

v6.4.0

v6.4.1

v6.4.2

v7.*

v7.0.0

v7.0.0-pre

v7.0.1

v7.0.10

v7.0.11

v7.0.12

v7.0.13

v7.0.2

v7.0.3

v7.0.4

v7.0.5

v7.0.6

v7.0.7

v7.0.8

v7.0.9

v7.1.14

v7.1.15

v7.1.16

v7.1.17

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1.0

v8.1.1

v8.1.15

v8.1.16

v8.1.17

v8.1.18

v8.1.2

v8.1.3

v8.1.4

v8.2.0

v8.2.1

v8.3.0

v8.3.1

v8.3.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63601.json"