Upstream information
Description
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| CNA (VulDB) | |
|---|---|
| Base Score | 5.1 |
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
| CNA (VulDB) | National Vulnerability Database | |
|---|---|---|
| Base Score | 5 | 8.1 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network | Network |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| User Interaction | Required | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | Low | High |
| Integrity Impact | Low | High |
| Availability Impact | Low | High |
| CVSSv3 Version | 3.1 | 3.1 |
| CNA (VulDB) | |
|---|---|
| Base Score | 2.3 |
| Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Attack Vector | Network |
| Attack Complexity | High |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | Passive |
| Vulnerable System Confidentiality Impact | Low |
| Vulnerable System Integrity Impact | Low |
| Vulnerable System Availability Impact | Low |
| Subsequent System Confidentiality Impact | None |
| Subsequent System Integrity Impact | None |
| Subsequent System Availability Impact | None |
| CVSSv4 Version | 4.0 |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15405 |
SUSE Timeline for this CVE
CVE page created: Wed May 21 20:01:12 2025CVE page last modified: Tue Aug 5 01:23:50 2025