CVE-2025-57799
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-09-02

Assigner: GitHub, Inc.

Description
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57799
EUVD
EUVD-2025-26347
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lemon8866 streamvault *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-57799 is a command injection vulnerability in the Java-based StreamVault system versions prior to 250822. After logging in, an attacker who is authenticated can modify system parameters that are improperly sanitized, such as cookies used for video platforms like Douyin and Kuaishou. These parameters are concatenated directly into backend command execution calls without proper sanitization, allowing the attacker to inject arbitrary OS commands. This can lead to remote command execution on the server and potentially full server privilege takeover, especially if weak or default passwords are used. [1]

Mitigation Strategies

Immediate mitigation steps include updating StreamVault to version 250822 or later, where the vulnerability has been patched. The patch replaces unsafe string concatenation of command-line arguments with a safer approach using a list of command arguments executed via ProcessBuilder, preventing command injection. Additionally, users should change any default or weak passwords to strong, unique passwords to reduce risk. If updating immediately is not possible, restrict access to the affected endpoints, validate and sanitize all user inputs, and monitor for suspicious activity. [1, 2]

Impact Analysis

This vulnerability can allow an authenticated attacker to execute arbitrary commands on the StreamVault server remotely. This can lead to complete system compromise, including gaining server privileges, unauthorized access to sensitive data, disruption of services, and potential use of the server for further attacks. Systems using weak or default passwords are particularly at risk of being taken over. [1]

Detection Guidance

This vulnerability can be detected by attempting to inject OS commands into the system parameters used by StreamVault, particularly in the cookie fields for video platforms like Douyin. For example, sending a POST request to the endpoint `/admin/api/updateTikTokConfig` with a payload that includes a malicious cookie value such as `"; touch /tmp/success; echo "` can test for command injection. If the file `/tmp/success` is created on the server, it indicates the vulnerability is present. Network monitoring for unusual POST requests to this endpoint or unexpected file creation can also help detect exploitation attempts. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57799. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart