CVE-2025-1244
Published: 12 February 2025
Summary
CVE-2025-1244 is a high-severity OS Command Injection (CWE-78) vulnerability in GNU (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 20.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates CVE-2025-1244 by requiring timely patching of the command injection vulnerability in Emacs as provided in vendor errata like RHSA-2025:1915.
Vulnerability scanning detects the presence of vulnerable Emacs versions, enabling proactive remediation before remote exploitation via crafted websites or URLs.
Monitors and disseminates security alerts and advisories about CVE-2025-1244, ensuring awareness and timely action on available patches for the Emacs command injection flaw.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE enables client-side exploitation of Emacs via a malicious URL to achieve Unix shell command execution.
NVD Description
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
Deeper analysis
CVE-2025-1244 is a command injection vulnerability (CWE-78) discovered in the text editor Emacs. Published on 2025-02-12, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, and high impacts on confidentiality, integrity, and availability.
A remote, unauthenticated attacker can exploit the vulnerability by tricking a user into visiting a specially crafted website or an HTTP URL containing a redirect. Successful exploitation enables the attacker to execute arbitrary shell commands on the vulnerable system.
Red Hat has issued multiple security errata addressing this issue in affected products, including RHSA-2025:1915, RHSA-2025:1917, RHSA-2025:1961, RHSA-2025:1962, and RHSA-2025:1963, which provide updated packages to mitigate the vulnerability.
Details
- CWE(s)