CVE Alert

CVE-2025-8259

HIGH 7.3

Vaelsys VaelsysV4 Web interface vgrid_server.php execute_DataObjectProc os command injection

CVSS Score: 7.3
EPSS Score: 0.9%
EPSS Percentile: 76th

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. It affects the function execute_DataObjectProc in the file /grid/vgrid_server.php of the Web interface component. Manipulating the argument xajaxargs leads to OS command injection. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to versions 5.1.1 and 5.4.1 can resolve this issue. It is suggested to upgrade the affected component.

CWE: CWE-78, CWE-77
Vendor: vaelsys
Product: vaelsysv4
Published: Jul 28, 2025
Last Updated: Apr 15, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Affected Versions

Vaelsys / VaelsysV4
5.0 5.1 5.1.0 5.2 5.3 5.4.0

References

vuldb.com: https://vuldb.com/vuln/317847
vuldb.com: https://vuldb.com/vuln/317847/cti
vuldb.com: https://vuldb.com/submit/616920
github.com: https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Remote_Code_Execution_in_Vaelsys_V4_Platform.md
vaelsys.github.io: https://vaelsys.github.io/security-advisory/advisories/VSEC_V4_2025_07_0001.html

Credits

waiwai24 (VulDB User), security_vaelsys (VulDB User)