CVE-2025-57799
BaseFortify
Publication date: 2025-09-01
Last updated on: 2025-09-02
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lemon8866 | streamvault | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57799 is an OS command injection (CWE-78) vulnerability in StreamVault, a Java-based streaming system, in versions prior to 250822. An authenticated user can edit system parameters that are not sanitized, such as the cookies configured for video platforms like Douyin and Kuaishou. These values are concatenated directly into command strings that the backend executes, so an attacker can terminate the intended command and append arbitrary OS commands. The result is remote command execution on the server with the privileges of the StreamVault process. Because authentication is the only barrier, instances that still use weak or default passwords are effectively exposed to anyone who can reach the admin interface. [1]
How can this vulnerability impact me?
An authenticated attacker can execute arbitrary commands on the StreamVault server. That can mean full compromise of the host: access to stored credentials and platform cookies, tampering with or disruption of the streaming service, and use of the server as a foothold for attacks on the rest of the network. Instances running with weak or default passwords are the most exposed, since the credential check is the only thing standing between a remote attacker and command execution. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The simplest check is the version: any StreamVault deployment older than 250822 should be treated as vulnerable. The presence of the flaw can be confirmed on a system you are authorized to test by injecting shell metacharacters into one of the affected parameters, for example the Douyin cookie field. Sending a POST request to `/admin/api/updateTikTokConfig` with a cookie value such as `"; touch /tmp/success; echo "` and then checking whether `/tmp/success` appears on the server demonstrates the injection; the exact quoting needed depends on how the application builds the command string, and confirming the marker file requires access to the server itself. For ongoing detection, monitor for POST requests to this endpoint whose cookie parameters contain shell metacharacters (quotes, backticks, `$(`, pipes, newlines), for unexpected child processes spawned by the Java process, and for unexpected file creation. [1]
What immediate steps should I take to mitigate this vulnerability?
Update StreamVault to version 250822 or later, where the issue is fixed. The patch replaces string concatenation of command-line arguments with a list of arguments passed to ProcessBuilder, so user-supplied values reach the child process as single argv entries and are never re-parsed by a shell. Change any default or weak administrator passwords to strong, unique ones, since authentication is the only precondition for exploitation. If you cannot update immediately, restrict network access to the admin interface and the affected endpoints, validate the cookie and other configuration parameters before storing them, and monitor for the indicators described above. [1, 2]
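The following Java example is added here to illustrate both the detection question and the fix described above; it is not StreamVault's own code. It shows the vulnerable shape the advisory describes (a cookie spliced into one command string handed to a shell) beside the hardened ProcessBuilder argument-list form, plus a cookie plausibility check that doubles as a detection rule over logged requests. The downloader name `streamdl`, the command-line flags, the log line format and the sample log lines are all assumptions made up for this example.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StreamVaultCookieExample {

    // Pre-250822 shape as the advisory describes it: the attacker-controlled
    // cookie is spliced into one command string that a shell will re-parse.
    // "streamdl" is a stand-in for whatever downloader the real app invokes.
    static String buildVulnerableCommand(String cookie, String url) {
        return "streamdl --cookie \"" + cookie + "\" " + url;
    }

    static Process runVulnerable(String cookie, String url) throws IOException {
        // /bin/sh -c makes every metacharacter in `cookie` live
        return new ProcessBuilder("/bin/sh", "-c", buildVulnerableCommand(cookie, url)).start();
    }

    // Post-fix shape: one argv element per argument and no shell. The cookie
    // reaches the child process as a single string, whatever it contains.
    static List<String> buildSafeArgv(String cookie, String url) {
        return List.of("streamdl", "--cookie", cookie, url);
    }

    static Process runSafe(String cookie, String url) throws IOException {
        return new ProcessBuilder(buildSafeArgv(cookie, url)).start();
    }

    // Characters that never belong in a Cookie header value (RFC 6265 excludes
    // DQUOTE, backslash and control characters) but are meaningful to a shell.
    // Semicolons are legitimate cookie separators, so they are deliberately absent.
    private static final Pattern SUSPICIOUS = Pattern.compile("[\"'`$\\\\|&\\n\\r]");

    // Defense in depth for the app, and the same rule reused for detection.
    static boolean isPlausibleCookie(String cookie) {
        return cookie != null
            && cookie.length() <= 8192
            && cookie.chars().allMatch(c -> c >= 0x20 && c < 0x7F)
            && !SUSPICIOUS.matcher(cookie).find();
    }

    // Detection side: return logged requests to the config endpoint whose
    // cookie parameter fails the plausibility check. The log format
    // ("... POST /admin/api/updateTikTokConfig ... cookie=<value>") is assumed.
    static List<String> flagSuspiciousRequests(List<String> logLines) {
        Pattern line = Pattern.compile("POST /admin/api/updateTikTokConfig .*cookie=(.*)$");
        List<String> hits = new ArrayList<>();
        for (String l : logLines) {
            Matcher m = line.matcher(l);
            if (m.find() && !isPlausibleCookie(m.group(1))) {
                hits.add(l);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        String benign = "sessionid=abc123; ttwid=1%7Cxyz";           // constructed, well-formed cookie
        String payload = "\"; touch /tmp/success; echo \"";          // value quoted in the advisory text
        String url = "https://example.invalid/live/1";               // constructed stream URL

        // The shell would see three commands here; the argv form keeps one.
        System.out.println(buildVulnerableCommand(payload, url));
        System.out.println(buildSafeArgv(payload, url));

        System.out.println(isPlausibleCookie(benign));
        System.out.println(isPlausibleCookie(payload));

        List<String> log = List.of(                                  // constructed sample log lines
            "10.0.0.5 POST /admin/api/updateTikTokConfig 200 cookie=" + benign,
            "10.0.0.9 POST /admin/api/updateTikTokConfig 200 cookie=" + payload);
        System.out.println(flagSuspiciousRequests(log));
    }
}
```

The argv-list form is the actual fix: it removes the shell from the path entirely, so no amount of quoting in the cookie changes what runs. The plausibility check is a secondary control that a cookie cannot legitimately violate, which makes it safe to enforce at input time and to alert on in logs without producing false positives on real platform cookies.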