CVE-2025-30007
Undergoing Analysis Undergoing Analysis - In Progress

Authenticated OS Command Injection in HestiaCP

Vulnerability report for CVE-2025-30007, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone() to prematurely close a variable assignment string and achieve full root code execution on the underlying host in a single DNS record creation step.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
hestia control_panel to 1.9.5 (exc)
hestiacp hestiacp to 1.9.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2025-30007 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-30007 is an authenticated OS command injection vulnerability in Hestia Control Panel versions before 1.9.5. It allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types.

The root cause is insufficient input validation in the function is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone(). This allows attackers to prematurely close a variable assignment string and achieve full root code execution on the underlying host in a single DNS record creation step.

Impact Analysis

This vulnerability can have severe impacts because it allows an authenticated user with low privileges to execute arbitrary commands with root privileges on the server running HestiaCP.

An attacker exploiting this flaw can gain full control over the underlying host, potentially leading to complete system compromise, unauthorized data access, data modification, service disruption, or further attacks within the network.

Detection Guidance

This vulnerability involves an authenticated OS command injection via DNS record creation in HestiaCP versions prior to 1.9.5. Detection would focus on monitoring DNS record creation or modification activities, especially those involving unusual or suspicious single-quote characters in DNS record types.

Since the vulnerability exploits injection through DNS record inputs, you can audit DNS record creation logs and look for entries containing single-quote characters or other suspicious input patterns.

Specific commands to detect exploitation attempts are not provided in the available resources. However, general approaches include:

  • Review HestiaCP DNS record creation logs for suspicious entries containing single quotes or malformed DNS records.
  • Use system auditing tools (e.g., auditd on Linux) to monitor execution of commands by the HestiaCP user or root that coincide with DNS record changes.
  • Check for unexpected root-level command executions or unusual processes spawned by the HestiaCP service.

No explicit detection commands or scripts are detailed in the provided resources.

Mitigation Strategies

The primary mitigation step is to upgrade HestiaCP to version 1.9.5 or later, where the vulnerability has been fixed by hardening DNS record validation and removing unsafe eval-based parsing.

The update includes improved DNS record validation, safer parsing methods, and sanitization of DNS inputs to prevent command injection.

  • Upgrade HestiaCP to version 1.9.5 or newer as soon as possible.
  • Review and restrict access to DNS record management features to trusted users only.
  • Audit existing DNS records for suspicious entries that might exploit this vulnerability.

Applying the official patch or update is the recommended and most effective mitigation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-30007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart