CVE-2025-25038

UNKNOWN 0.0

MiniDVBLinux Root Command Injection

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.

CWE	CWE-78
Vendor	minidvblinux
Product	minidvblinux
Published	Jun 20, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for minidvblinux minidvblinux

Be the first to know when new unknown vulnerabilities affecting minidvblinux minidvblinux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MiniDVBLinux / MiniDVBLinux

0 ≤ 5.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5717.php exploit-db.com: https://www.exploit-db.com/exploits/51096 fortiguard.com: https://www.fortiguard.com/encyclopedia/ips/52454 cxsecurity.com: https://cxsecurity.com/issue/WLB-2022100039 packetstormsecurity.com: https://packetstormsecurity.com/files/168744/ minidvblinux.de: https://www.minidvblinux.de vulncheck.com: https://vulncheck.com/advisories/minidvblinux-command-injection

Credits

Gjoko Krstic