CVE-2025-24962

HighPublic PoC

Published: 03 February 2025

Published

03 February 2025

Modified

13 May 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0168 82.3th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24962 is a high-severity Injection (CWE-74) vulnerability in Yogeshojha Rengine. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 17.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by validating and sanitizing user input in the nmap_cmd parameter as recommended in the advisory.

SI-2 Flaw Remediation good match

prevent

Remediates the specific command injection flaw by updating reNgine to the patched version incorporating commit c28e5c8d.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Scans for vulnerabilities like CVE-2025-24962 in reNgine to identify and prioritize remediation before exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Command injection in nmap_cmd parameter enables arbitrary command execution on the host via the Unix shell interpreter.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised…

to filter user input and monitor the project for a new release.

Deeper analysisAI

CVE-2025-24962 is a command injection vulnerability (CWE-74) in reNgine, an automated reconnaissance framework for web applications. The flaw allows a user to inject arbitrary commands through the nmap_cmd parameters in affected versions prior to the fix in commit c28e5c8d. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation with low complexity and privileges.

An authenticated user with low privileges can exploit this vulnerability over the network without user interaction by supplying malicious input via the nmap_cmd parameters. Successful exploitation enables arbitrary command execution on the host running reNgine, resulting in high impacts to confidentiality, integrity, and availability, such as data theft, system modification, or denial of service.

The issue has been addressed in GitHub commit c28e5c8d304478a787811580b4d80b330920ace4, with the fix expected in the next versioned release of reNgine. Security practitioners should update to the patched commit, implement input filtering for nmap_cmd and similar parameters, and monitor the project repository for the official release, as detailed in the GitHub security advisory GHSA-cg75-ph7x-5rr9.