CVE-2025-67738
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-18
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webmin | webmin | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the squid/cachemgr.cgi component of Webmin versions before 2.600. It occurs because the application does not properly quote arguments, which can be exploited if an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option).
How can this vulnerability impact me? :
The vulnerability can have a severe impact as indicated by its high CVSS score (8.5). It can lead to complete compromise of confidentiality, integrity, and availability of the affected system, since it allows an authenticated but untrusted user with specific permissions to exploit the improper argument quoting.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Webmin to version 2.600 or later, which includes a fix that properly quotes arguments passed to the squid/cachemgr.cgi script, preventing command injection vulnerabilities. Ensure that only trusted users with appropriate Cache Manager permissions can authenticate to Webmin. Applying the patch or update that fixes the argument quoting issue will mitigate the vulnerability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you should check if your Webmin installation is a version before 2.600 and if the Squid module with Cache Manager feature is enabled. Additionally, verify if untrusted users have authentication and the 'cms' Cache Manager permissions. There are no specific commands provided in the resources to detect exploitation attempts or presence of the vulnerability. However, you can check the Webmin version by running: `webmin --version` or checking the Webmin interface. To detect suspicious usage, monitor access logs for requests to `squid/cachemgr.cgi` with unusual or specially crafted arguments. Since the vulnerability involves improper quoting of arguments leading to possible command injection, monitoring for command injection patterns in logs or unusual command executions related to Squid cache manager may help. No explicit detection commands are provided in the resources. [1, 2]