๐Ÿ” CVE Alert

CVE-2025-30007

HIGH 8.8

HestiaCP < 1.9.5 Authenticated OS Command Injection via DNS Record Management

CVSS Score
8.8
EPSS Score
2.1%
EPSS Percentile
79th

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone() to prematurely close a variable assignment string and achieve full root code execution on the underlying host in a single DNS record creation step.

CWE CWE-78
Vendor hestiacp
Product hestiacp
Published Jul 10, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for hestiacp hestiacp

Be the first to know when new high vulnerabilities affecting hestiacp hestiacp are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

hestiacp / hestiacp
0 < 1.9.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/hestiacp/hestiacp/releases/tag/1.9.5 github.com: https://github.com/hestiacp/hestiacp/pull/5197 github.com: https://github.com/hestiacp/hestiacp/commit/a74babb739aa92e52b12d6ef52b6b9428ffbbb67 vulncheck.com: https://www.vulncheck.com/advisories/hestiacp-authenticated-os-command-injection-via-dns-record-management

Credits

Djibril Mounkoro