CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-8259

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 5.1.1 and 5.4.1 can resolve this issue. It is suggested to upgrade the affected component.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 78.0%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Remote_Code_Execution_in_Vaelsys_V4_Platform.md
https://vaelsys.github.io/security-advisory/advisories/VSEC_V4_2025_07_0001.html
https://vuldb.com/submit/616920
https://vuldb.com/vuln/317847
https://vuldb.com/vuln/317847/cti

Products affected by CVE-2025-8259

Vaelsys » Vaelsys » Version: 4.1.0

cpe:2.3:a:vaelsys:vaelsys:4.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-8259

Products

Pricing

Contact Us