CVE-2025-5525
Published: 03 June 2025
Summary
CVE-2025-5525 is a medium-severity Command Injection (CWE-77) vulnerability in Jrohy Trojan. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 12.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2025-5525 is an OS command injection vulnerability in Jrohy trojan versions up to 2.15.3. It resides in the LogChan function within the trojan/util/linux.go file, where unsanitized input to the argument c is passed to operating system commands. The issue is tracked under CWE-77 and CWE-78 and carries a CVSS 4.0 score of 6.3 reflecting network attack vector, high attack complexity, and limited impacts to confidentiality, integrity, and availability.
An unauthenticated remote attacker can supply crafted input to trigger command execution. Although the attack requires high complexity and is considered difficult to exploit in practice, the vector is remotely accessible without user interaction or privileges, allowing an adversary to run arbitrary operating system commands on the affected host.
Public proof-of-concept code has been released on GitHub demonstrating the injection, and the vulnerability was disclosed through Vuldb. The associated EPSS score has remained flat at 0.0317 with no material increase since publication, indicating limited observed exploitation interest to date.
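How the bug class is closed in Go, as an added example that is not Jrohy's code (the page does not reproduce LogChan, and the `journalctl` command and the allowlist are assumptions): the caller-supplied argument `c` is checked against a strict allowlist and then passed as its own argv element, never interpolated into a shell string.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

// Assumed allowlist for a log channel name: letters, digits, '-', '_', '.'.
// Shell metacharacters (';', '|', '&', '$', '`', whitespace) cannot match.
var channelNamePattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$`)

// ValidateChannel rejects any value outside the allowlist before it reaches
// a command line. This is the input-validation layer.
func ValidateChannel(c string) error {
	if !channelNamePattern.MatchString(c) {
		return fmt.Errorf("invalid log channel name %q", c)
	}
	return nil
}

// LogCommand builds the reader command as an argv slice. No "sh -c" is
// involved, so even a value that somehow passed validation is one literal
// argument to the program, not text parsed by a shell.
// "journalctl -u <c>" is an assumed stand-in for whatever the real
// function runs; the page does not show that command.
func LogCommand(c string) (*exec.Cmd, error) {
	if err := ValidateChannel(c); err != nil {
		return nil, err
	}
	return exec.Command("journalctl", "-u", c, "--no-pager", "-n", "100"), nil
}

// unsafeLogCommand shows the shape of CWE-78 for contrast only: concatenating
// c into a shell string hands the shell's grammar to the remote caller.
func unsafeLogCommand(c string) *exec.Cmd {
	return exec.Command("sh", "-c", "journalctl -u "+c) // do not use
}

func main() {
	for _, in := range []string{"trojan-web", "web; id"} {
		if cmd, err := LogCommand(in); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("argv:", cmd.Args)
		}
	}
}
```

Compare `unsafeLogCommand("web; id").Args`, a two-element shell string, with `LogCommand("trojan-web")`, whose argv keeps the name as a single element.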
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16782
Vulnerability details
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The OS command injection (CWE-78) in LogChan function of Jrohy trojan on Linux enables remote unauthenticated execution of arbitrary Unix shell commands, directly mapping to T1059.004 (Unix Shell) and T1202 (Indirect Command Execution) as noted in advisories.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.