Cyber Resilience

CVE-2025-63916

Severity: High · Public PoC · RCE

Published: 17 November 2025
Modified: 16 January 2026
KEV Added: not listed
Patch: none referenced
CVSS v3.1 base score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0045 (64.1st percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-63916 is a high-severity OS Command Injection (CWE-78) vulnerability in Luotengyuan Myscreentools. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 35.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-63916, published on 2025-11-17, is a critical OS command injection vulnerability (CWE-78) in MyScreenTools v2.2.1.0. The flaw affects the GIF compression tool, where the CMD() function in GIFSicleTool\Form_gif_sicle_tool.cs fails to sanitize user-supplied file paths before concatenating them into shell commands executed via cmd.exe. This allows attackers to inject and execute arbitrary system commands with the privileges of the user running the application.

The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Low-privileged attackers can exploit it remotely over the network with low attack complexity and without requiring user interaction. Exploitation enables execution of arbitrary commands under the context of the application's user privileges, resulting in high impacts to confidentiality and integrity.

GitHub references provide details on the issue, including a vulnerability research write-up at https://github.com/cydtseng/Vulnerability-Research/blob/main/myscreentools/OSCommandInjection-GifCompression.md, the vulnerable source code in https://github.com/luotengyuan/MyScreenTools/blob/master/GIFSicleTool/Form_gif_sicle_tool.cs, and the MyScreenTools repository at https://github.com/luotengyuan/MyScreenTools/tree/master. No patches or specific mitigations are detailed in these references.


Vulnerability details

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user running the application. The vulnerability exists in the CMD() function within GIFSicleTool\Form_gif_sicle_tool.cs, which constructs shell commands by concatenating unsanitized user input (file paths) and executes them via cmd.exe.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1203 Exploitation for Client Execution (tactic: Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
- T1059.003 Windows Command Shell (tactic: Execution): Adversaries may abuse the Windows command shell for execution.
Why these techniques?

The OS command injection vulnerability directly enables exploitation for client execution (T1203) via a desktop application flaw and facilitates arbitrary command execution using Windows Command Shell (T1059.003) through unsanitized cmd.exe invocation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-56803 (shared CWE-78)
- CVE-2026-22035 (shared CWE-78)
- CVE-2026-32000 (shared CWE-78)
- CVE-2026-28391 (shared CWE-78)
- CVE-2026-30302 (shared CWE-78)
- CVE-2026-24844 (shared CWE-78)
- CVE-2025-1244 (shared CWE-78)
- CVE-2025-11953 (shared CWE-78)
- CVE-2026-7461 (shared CWE-78)
- CVE-2026-31999 (shared CWE-78)

Affected Assets

Vendor: luotengyuan
Product: myscreentools
Versions: ≤ 2.2.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- SI-10 Information Input Validation (prevent): Directly requires validation and sanitization of user-supplied file paths in the CMD() function before concatenation into shell commands executed via cmd.exe, preventing the OS command injection vulnerability.
- SI-2 Flaw Remediation (prevent): Mandates timely identification, reporting, and patching of the specific command injection flaw in MyScreenTools v2.2.1.0, eliminating the vulnerability upon remediation.
- Least privilege (prevent): Enforces least privilege for the user context running MyScreenTools, limiting the impact and scope of arbitrary system commands executed through the injected file paths.
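As an added illustration (not code from MyScreenTools, the advisory, or the linked write-up), the C# below shows the SI-10 control applied to the pattern the analysis describes: the user-supplied path is canonicalised and checked against an allowed directory and a .gif extension, and gifsicle is then started directly through ProcessStartInfo.ArgumentList rather than through a cmd.exe command line built by string concatenation, so a file name carrying shell metacharacters is passed as an inert argument. The gifsicle location, the allowed directory, the argument set and the constructed sample paths in Main are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;

// Hypothetical hardened GIF-compression helper (illustration only, not MyScreenTools code).
public static class GifCompressor
{
    // Assumed locations; a real application would load these from configuration.
    private const string GifsicleExe = @"C:\Program Files\MyScreenTools\gifsicle.exe"; // assumption
    private static readonly string AllowedRoot = Path.GetFullPath(@"C:\Users\Public\gifs"); // assumption

    // Returns the canonical path when it is an existing .gif inside AllowedRoot; throws otherwise.
    public static string ValidateGifPath(string userPath)
    {
        if (string.IsNullOrWhiteSpace(userPath))
            throw new ArgumentException("empty path");
        if (userPath.IndexOfAny(Path.GetInvalidPathChars()) >= 0)
            throw new ArgumentException("invalid characters in path");

        // Canonicalise so relative forms and "..\" segments cannot escape the allowed directory.
        string full = Path.GetFullPath(userPath);
        string root = AllowedRoot.TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path outside the allowed directory: " + full);
        if (!string.Equals(Path.GetExtension(full), ".gif", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("only .gif files are accepted: " + full);
        if (!File.Exists(full))
            throw new FileNotFoundException("input file not found", full);
        return full;
    }

    // Hardened invocation: no cmd.exe and no concatenated command line. Each argument is a
    // separate ArgumentList element, which the runtime quotes for the child process itself.
    public static int Compress(string inputPath, string outputPath)
    {
        string input = ValidateGifPath(inputPath);
        string output = Path.GetFullPath(outputPath);
        if (!string.Equals(Path.GetExtension(output), ".gif", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("output must be a .gif file");

        var psi = new ProcessStartInfo
        {
            FileName = GifsicleExe,     // the tool itself, never "cmd.exe /c ..."
            UseShellExecute = false,    // do not route through the shell
            RedirectStandardError = true,
            CreateNoWindow = true,
        };
        psi.ArgumentList.Add("-O3");    // assumed gifsicle optimisation flag
        psi.ArgumentList.Add(input);
        psi.ArgumentList.Add("-o");
        psi.ArgumentList.Add(output);

        using var proc = Process.Start(psi) ?? throw new InvalidOperationException("failed to start gifsicle");
        string stderr = proc.StandardError.ReadToEnd();
        proc.WaitForExit();
        if (proc.ExitCode != 0)
            Console.Error.WriteLine("gifsicle failed: " + stderr);
        return proc.ExitCode;
    }

    public static void Main()
    {
        // Constructed sample inputs: one well-formed path, one escaping the allowed directory,
        // one with the wrong extension. Only the validation step runs here; nothing is executed.
        string[] candidates =
        {
            @"C:\Users\Public\gifs\demo.gif",
            @"C:\Users\Public\gifs\..\..\secret\report.gif",
            @"C:\Users\Public\gifs\not-a-gif.txt",
        };
        foreach (string candidate in candidates)
        {
            try
            {
                Console.WriteLine("accepted: " + ValidateGifPath(candidate));
            }
            catch (Exception ex) when (ex is ArgumentException || ex is UnauthorizedAccessException || ex is FileNotFoundException)
            {
                Console.WriteLine("rejected: " + candidate + " (" + ex.GetType().Name + ")");
            }
        }
    }
}
```

The design point is that the allow-list check and the removal of the shell reinforce each other: validation bounds which files the tool may touch, while invoking gifsicle directly with ArgumentList means characters such as `&` or `|` in a legitimate file name are never interpreted, so the code does not depend on a denylist of shell metacharacters. ProcessStartInfo.ArgumentList is available on .NET Core 2.1 and later; on .NET Framework the equivalent is to avoid cmd.exe entirely and build a correctly escaped Arguments string for the target executable alone.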

References