CVE-2025-48868
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-29
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| horilla | horilla | 1.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authenticated Remote Code Execution (RCE) issue in Horilla 1.3.0. It occurs because the application unsafely uses Python's eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users, such as administrators, to execute arbitrary system commands on the server. Exploitation is easier when Django's DEBUG mode is enabled, but it can still be exploited without DEBUG by using blind payloads like a reverse shell. The vulnerability was fixed in version 1.3.1.
How can this vulnerability impact me?
This vulnerability can allow privileged users to execute arbitrary system commands on the server hosting Horilla. This could lead to full remote code execution, potentially compromising the entire server, exposing sensitive data, disrupting services, or allowing attackers to gain further access to the network.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Horilla to version 1.3.1 or later, where the vulnerability has been patched. Additionally, ensure that Django's DEBUG setting is set to False in production environments to reduce the risk of visible command output during exploitation.
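The Q&A above describes the CWE-95 pattern (a request parameter passed straight to `eval()`) without showing what it looks like in code. The following is an added illustration, not Horilla's own code and not the actual fix shipped in 1.3.1: it places a hypothetical bulk-archive handler that parses its id list with `eval()` next to a hardened version that accepts only a JSON array of integers. The handler names, the `ids` query key, the in-memory project table, and the request dictionaries are all assumptions constructed for the example.

```python
# Added example for CVE-2025-48868 / CWE-95: hypothetical reconstruction of the
# vulnerable pattern and a hardened replacement. Not Horilla project code.
import json


def sample_projects():
    """Constructed in-memory stand-in for the project table (not real data)."""
    return {
        1: {"name": "alpha", "archived": False},
        2: {"name": "beta", "archived": False},
        3: {"name": "gamma", "archived": False},
    }


def parse_ids_unsafe(query):
    """Vulnerable pattern (CWE-95): the raw query value is evaluated as Python.

    'query' is a plain dict standing in for request.GET. Whatever expression
    an authenticated user puts in the 'ids' parameter runs on the server, so a
    value such as "[1, 2] + [3]" is executed rather than parsed.
    """
    return eval(query.get("ids", "[]"))  # the defect this example is about


def parse_ids_safe(query):
    """Hardened parser: accept only a JSON array of integers.

    json.loads never executes code, and the explicit type check rejects
    nested structures, strings and booleans (bool is a subclass of int in
    Python, so it is excluded separately).
    """
    raw = query.get("ids", "[]")
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        raise ValueError("ids must be a JSON array of integers")
    if not isinstance(parsed, list):
        raise ValueError("ids must be a JSON array of integers")
    for item in parsed:
        if isinstance(item, bool) or not isinstance(item, int):
            raise ValueError("ids must contain integers only")
    return parsed


def safe_rejects(query):
    """Return True if the hardened parser refuses the given request dict."""
    try:
        parse_ids_safe(query)
    except ValueError:
        return True
    return False


def bulk_archive(query, projects, parser):
    """Mark the selected projects archived; returns the ids actually changed.

    The parser argument lets the same handler run with either parser so the
    two behaviours can be compared side by side.
    """
    archived = []
    for pid in parser(query):
        if pid in projects:
            projects[pid]["archived"] = True
            archived.append(pid)
    return archived


if __name__ == "__main__":
    # Harmless expression: enough to show eval() executes rather than parses.
    expression = {"ids": "[1, 2] + [3]"}
    print("unsafe:", bulk_archive(expression, sample_projects(), parse_ids_unsafe))
    print("safe rejects expression:", safe_rejects(expression))
    print("safe:", bulk_archive({"ids": "[1, 2]"}, sample_projects(), parse_ids_safe))
```

The contrast to take away: `parse_ids_unsafe` returns `[1, 2, 3]` for an input that is an expression, proving the parameter is executed, while `parse_ids_safe` rejects the same input and only ever returns plain integers. `ast.literal_eval` is a common substitute for `eval()`, but it still accepts arbitrary nested literals; a schema check against the exact shape the view needs, as above, is the stricter fix and is easy to unit-test.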