CVE-2025-1782 (GCVE-0-2025-1782)

Vulnerability from cvelistv5 – Published: 2025-04-14 18:41 – Updated: 2026-05-26 16:06
VLAI
Title
Unsanitized input in language form field
Summary
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated with a valid user account.
Severity
9.9 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
ifax HylaFAX Affected: 0 , < 1.1.* (semver)
Affected: 1.2.0 , < 1.2.1 (semver)
Affected: 1.3.0 , < 1.3.2 (semver)
Create a notification for this product.
ifax AvantFAX Affected: 0 , < 3.3.* (semver)
Affected: 3.4.0 , < 3.4.1 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.ifax.com/",
          "defaultStatus": "unaffected",
          "packageName": "HylaFAX",
          "product": "HylaFAX",
          "repo": "https://sourceforge.net/projects/avantfax/",
          "vendor": "ifax",
          "versions": [
            {
              "lessThan": "1.1.*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.1",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.3.2",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://www.ifax.com/",
          "defaultStatus": "unaffected",
          "packageName": "AvantFAX",
          "product": "AvantFAX",
          "repo": "https://sourceforge.net/projects/avantfax/",
          "vendor": "ifax",
          "versions": [
            {
              "lessThan": "3.3.*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.1",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized \nbefore being used and can be misused to include an arbitrary file in the\n PHP code allowing an attacker to do anything as the web server user. \nThis flaw requires the attacker to be authenticated with a valid user account."
            }
          ],
          "value": "In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized \nbefore being used and can be misused to include an arbitrary file in the\n PHP code allowing an attacker to do anything as the web server user. \nThis flaw requires the attacker to be authenticated with a valid user account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-26T16:06:37.631Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.ifax.com/security/CVE-2025-1782.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unsanitized input in language form field",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-1782",
    "datePublished": "2025-04-14T18:41:21.745Z",
    "dateReserved": "2025-02-28T15:49:58.508Z",
    "dateUpdated": "2026-05-26T16:06:37.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-1782",
      "date": "2026-05-29",
      "epss": "0.00122",
      "percentile": "0.30919"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-1782\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-04-14T19:15:36.277\",\"lastModified\":\"2026-05-26T19:08:15.080\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized \\nbefore being used and can be misused to include an arbitrary file in the\\n PHP code allowing an attacker to do anything as the web server user. \\nThis flaw requires the attacker to be authenticated with a valid user account.\"},{\"lang\":\"es\",\"value\":\"HylaFAX Enterprise Web Interface y AvantFAX, el elemento de formulario de idioma no se depura correctamente antes de su uso y puede usarse indebidamente para incluir un archivo arbitrario en el c\u00f3digo PHP, lo que permite a un atacante realizar cualquier acci\u00f3n como usuario del servidor web. Esta falla requiere que el atacante se autentique con una cuenta de usuario v\u00e1lida.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://www.ifax.com/security/CVE-2025-1782.html\",\"source\":\"secalert@redhat.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Unsanitized input in language form field\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://sourceforge.net/projects/avantfax/\", \"vendor\": \"ifax\", \"product\": \"HylaFAX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.1.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.2.0\", \"lessThan\": \"1.2.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.3.0\", \"lessThan\": \"1.3.2\", \"versionType\": \"semver\"}], \"packageName\": \"HylaFAX\", \"collectionURL\": \"https://www.ifax.com/\", \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://sourceforge.net/projects/avantfax/\", \"vendor\": \"ifax\", \"product\": \"AvantFAX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.3.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.1\", \"versionType\": \"semver\"}], \"packageName\": \"AvantFAX\", \"collectionURL\": \"https://www.ifax.com/\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ifax.com/security/CVE-2025-1782.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized \\nbefore being used and can be misused to include an arbitrary file in the\\n PHP code allowing an attacker to do anything as the web server user. \\nThis flaw requires the attacker to be authenticated with a valid user account.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized \\nbefore being used and can be misused to include an arbitrary file in the\\n PHP code allowing an attacker to do anything as the web server user. \\nThis flaw requires the attacker to be authenticated with a valid user account.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-05-26T16:06:37.631Z\"}}, \"adp\": [{\"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-04-14T19:41:01.791Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1782\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-26T16:06:37.631Z\", \"dateReserved\": \"2025-02-28T15:49:58.508Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-04-14T18:41:21.745Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.