CVE-2026-25855
Received Received - Intake
Remote Code Execution in OpenBullet2 via Malicious Script Upload

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulnCheck

Description
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, causing the server to execute the scripts and return output as proxy lines, resulting in arbitrary command execution on the host as the process user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-25855
EUVD
EUVD-2026-35134
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openbullet2 openbullet2 From 0.2.5 (inc) to 0.3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows authenticated users to execute arbitrary commands on the host system, which can lead to unauthorized access, data manipulation, or data breaches.

Such unauthorized command execution and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on data confidentiality, integrity, and system security.

Exploitation of this vulnerability could result in violations of these regulations due to unauthorized access or exposure of sensitive data.

Executive Summary

CVE-2026-25855 is a remote code execution vulnerability in OpenBullet2 versions up to 0.3.2 that allows authenticated users to execute arbitrary commands on the server.

The vulnerability arises because attackers can upload malicious script files with extensions like .bat, .ps1, or .sh through the FileProxySource proxy loading feature.

When the server processes these uploaded scripts, it executes the embedded commands and returns the output as proxy lines, resulting in arbitrary command execution on the host system with the privileges of the running process.

Impact Analysis

This vulnerability can have a severe impact as it allows an authenticated attacker to execute arbitrary commands on the server hosting OpenBullet2.

Such arbitrary command execution can lead to unauthorized control over the system, data theft, data manipulation, service disruption, or further exploitation of the network.

Because the commands run with the privileges of the process user, the attacker may gain significant access depending on those privileges.

Detection Guidance

This vulnerability can be detected by monitoring for the upload of script files with extensions such as .bat, .ps1, or .sh through the FileProxySource proxy loading feature in OpenBullet2 versions 0.2.5 through 0.3.2.

Detection commands or methods could include checking server logs for unusual proxy source uploads containing these script file extensions or monitoring for unexpected execution of commands originating from the OpenBullet2 process.

Specific commands are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the ability for authenticated users to upload script files (.bat, .ps1, .sh) through the FileProxySource proxy loading feature.

Updating OpenBullet2 to a version later than 0.3.2, where this vulnerability is fixed, is recommended.

Additionally, monitoring and restricting user privileges to limit the impact of potential exploitation can help mitigate risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25855. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart