Cyber Resilience

CVE-2025-1244

HighRCE

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0175 83.0th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1244 is a high-severity OS Command Injection (CWE-78) vulnerability in Gnu (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 17.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

A command injection vulnerability, tracked as CVE-2025-1244 and assigned CWE-78, affects the Emacs text editor. The flaw permits execution of arbitrary shell commands and carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low complexity, no required privileges, and user-interaction requirements that still result in full confidentiality, integrity, and availability impact.

An unauthenticated remote attacker can exploit the issue by persuading a user to visit a malicious website or an HTTP URL that issues a redirect, causing Emacs to process attacker-controlled input and execute commands on the victim's system.

Red Hat has published multiple errata (RHSA-2025:1915, RHSA-2025:1917, RHSA-2025:1961, RHSA-2025:1962, and RHSA-2025:1963) that address the flaw; applying the corresponding package updates is the indicated mitigation.

EPSS remains flat at 0.0175 with no recorded rise after disclosure, and no evidence of in-the-wild exploitation is provided in the available data.

EU & UK References

Vulnerability details

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or…

more

an HTTP URL with a redirect.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

CVE enables client-side exploitation of Emacs via malicious URL to achieve Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24844Shared CWE-78
CVE-2026-41015Shared CWE-78
CVE-2026-39862Shared CWE-78
CVE-2026-5485Shared CWE-78
CVE-2026-40030Shared CWE-78
CVE-2026-40032Shared CWE-78
CVE-2026-33412Shared CWE-78
CVE-2026-6849Shared CWE-78
CVE-2026-34714Shared CWE-78
CVE-2026-33874Shared CWE-78

Affected Assets

Gnu
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-1244 by requiring timely patching of the command injection vulnerability in Emacs as provided in vendor errata like RHSA-2025:1915.

prevent

Vulnerability scanning detects the presence of vulnerable Emacs versions, enabling proactive remediation before remote exploitation via crafted websites or URLs.

prevent

Monitors and disseminates security alerts and advisories about CVE-2025-1244, ensuring awareness and timely action on available patches for the Emacs command injection flaw.

References