CVE-2025-1244 - Vulnerability Details

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Openshift Builds Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
emacs-1:24.3-23.el7_9.2	cpe:/o:redhat:rhel_els:7	RHSA-2025:2130	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8
emacs-1:26.1-13.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1917	2025-02-27T00:00:00Z
emacs-1:26.1-13.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:1917	2025-02-27T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
emacs-1:26.1-5.el8_2.3	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:2157	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
emacs-1:26.1-5.el8_4.3	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1963	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
emacs-1:26.1-5.el8_4.3	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1963	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
emacs-1:26.1-5.el8_4.3	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1963	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
emacs-1:26.1-7.el8_6.6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1961	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
emacs-1:26.1-7.el8_6.6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1961	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
emacs-1:26.1-7.el8_6.6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1961	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
emacs-1:26.1-10.el8_8.7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1962	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 9
emacs-1:27.2-11.el9_5.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1915	2025-02-27T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
emacs-1:27.2-6.el9_0.2	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:2022	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
emacs-1:27.2-8.el9_2.2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1964	2025-03-03T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
emacs-1:27.2-10.el9_4.1	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2195	2025-03-04T00:00:00Z
Builds for Red Hat OpenShift 1.3.1
registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9:sha256:02dfa9ff3833810645246f3af3ef89c2ea6794b61f3cdfe0929596ebf5bf042f	cpe:/a:redhat:openshift_builds:1.3::el9	RHSA-2025:2754	2025-03-13T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/03/01/2
https://access.redhat.com/errata/RHSA-2025:1915
https://access.redhat.com/errata/RHSA-2025:1917
https://access.redhat.com/errata/RHSA-2025:1961
https://access.redhat.com/errata/RHSA-2025:1962
https://access.redhat.com/errata/RHSA-2025:1963
https://access.redhat.com/errata/RHSA-2025:1964
https://access.redhat.com/errata/RHSA-2025:2022
https://access.redhat.com/errata/RHSA-2025:2130
https://access.redhat.com/errata/RHSA-2025:2157
https://access.redhat.com/errata/RHSA-2025:2195
https://access.redhat.com/errata/RHSA-2025:2754
https://access.redhat.com/security/cve/CVE-2025-1244
https://bugzilla.redhat.com/show_bug.cgi?id=2345150
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
https://nvd.nist.gov/vuln/detail/CVE-2025-1244
https://www.cve.org/CVERecord?id=CVE-2025-1244

History

Thu, 13 Mar 2025 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Builds
CPEs		cpe:/a:redhat:openshift_builds:1.3::el9
Vendors & Products		Redhat openshift Builds
References		https://access.redhat.com/errata/RHSA-2025:2754

Tue, 04 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4

Tue, 04 Mar 2025 08:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
References		https://access.redhat.com/errata/RHSA-2025:2195

Tue, 04 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2

Mon, 03 Mar 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:2130

Mon, 03 Mar 2025 18:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:2157

Mon, 03 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6

Mon, 03 Mar 2025 11:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
References		https://access.redhat.com/errata/RHSA-2025:2022

Mon, 03 Mar 2025 08:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/o:redhat:rhel_eus:8.8::baseos
References		https://access.redhat.com/errata/RHSA-2025:1962

Mon, 03 Mar 2025 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:1963 https://access.redhat.com/errata/RHSA-2025:1964

Mon, 03 Mar 2025 01:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:1961

Sat, 01 Mar 2025 21:45:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/03/01/2

Sat, 01 Mar 2025 06:45:00 +0000

Type	Values Removed	Values Added
References		https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390 https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1

Thu, 27 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:8

Thu, 27 Feb 2025 11:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:1917

Thu, 27 Feb 2025 10:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2025:1915

Wed, 19 Feb 2025 18:45:00 +0000

Type	Values Removed	Values Added
Description	A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.	A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Wed, 12 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 12 Feb 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
Title	emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme	Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150

Wed, 12 Feb 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme
Weaknesses		CWE-78
References		https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://www.cve.org/CVERecord?id=CVE-2025-1244
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-02-12T14:27:45.707Z

Updated: 2025-03-15T08:50:32.937Z

Reserved: 2025-02-12T07:32:23.452Z

Link: CVE-2025-1244

Vulnrichment

Updated: 2025-03-01T21:02:26.923Z

NVD

Status : Awaiting Analysis

Published: 2025-02-12T15:15:18.430

Modified: 2025-03-13T14:15:34.977

Link: CVE-2025-1244

Redhat

Severity : Important

Publid Date: 2025-02-12T00:00:00Z

Links: CVE-2025-1244 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1244", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-02-12T07:32:23.452Z", "datePublished": "2025-02-12T14:27:45.707Z", "dateUpdated": "2025-03-15T08:50:32.937Z"}, "containers": {"cna": {"title": "Emacs: shell injection vulnerability in gnu emacs via custom \"man\" uri scheme", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "29.4.0", "versionType": "semver"}], "packageName": "emacs", "collectionURL": "https://git.savannah.gnu.org/cgit/emacs.git/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:24.3-23.el7_9.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-13.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-13.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-5.el8_2.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-5.el8_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-5.el8_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-5.el8_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-7.el8_6.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-7.el8_6.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-7.el8_6.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:26.1-10.el8_8.7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream", "cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:27.2-11.el9_5.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:27.2-6.el9_0.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:27.2-8.el9_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "affected", "versions": [{"version": "1:27.2-10.el9_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream"]}, {"vendor": "Red Hat", "product": "Builds for Red Hat OpenShift 1.3.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:8bb5f5d121a135ddd3c3038167b2bed668efe4f2d2c69a6e7e1bb5671c9e3043", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_builds:1.3::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "emacs", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:1915", "name": "RHSA-2025:1915", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1917", "name": "RHSA-2025:1917", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1961", "name": "RHSA-2025:1961", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1962", "name": "RHSA-2025:1962", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1963", "name": "RHSA-2025:1963", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1964", "name": "RHSA-2025:1964", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2022", "name": "RHSA-2025:2022", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2130", "name": "RHSA-2025:2130", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2157", "name": "RHSA-2025:2157", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2195", "name": "RHSA-2025:2195", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2754", "name": "RHSA-2025:2754", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-1244", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345150", "name": "RHBZ#2345150", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-02-12T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "workarounds": [{"lang": "en", "value": "There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully."}], "timeline": [{"lang": "en", "time": "2025-02-12T07:05:48.841000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-12T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-15T08:50:32.937Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T14:50:47.050392Z", "id": "CVE-2025-1244", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T15:21:21.499Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390"}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/01/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-03-01T21:02:26.923Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390"}, {"url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/01/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-03-01T21:02:26.923Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1244", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-12T14:50:47.050392Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T15:18:47.211Z"}}], "cna": {"title": "Emacs: shell injection vulnerability in gnu emacs via custom \"man\" uri scheme", "credits": [{"lang": "en", "value": "Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "29.4.0", "versionType": "semver"}], "packageName": "emacs", "collectionURL": "https://git.savannah.gnu.org/cgit/emacs.git/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "1:24.3-23.el7_9.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "1:26.1-13.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "1:26.1-13.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "1:26.1-5.el8_2.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "1:26.1-5.el8_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "1:26.1-5.el8_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "1:26.1-5.el8_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "1:26.1-7.el8_6.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "1:26.1-7.el8_6.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "1:26.1-7.el8_6.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream", "cpe:/o:redhat:rhel_eus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "1:26.1-10.el8_8.7", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "1:27.2-11.el9_5.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "1:27.2-6.el9_0.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "1:27.2-8.el9_2.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "1:27.2-10.el9_4.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_builds:1.3::el9"], "vendor": "Red Hat", "product": "Builds for Red Hat OpenShift 1.3.1", "versions": [{"status": "unaffected", "version": "sha256:8bb5f5d121a135ddd3c3038167b2bed668efe4f2d2c69a6e7e1bb5671c9e3043", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "emacs", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2025-02-12T07:05:48.841000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-12T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-02-12T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:1915", "name": "RHSA-2025:1915", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1917", "name": "RHSA-2025:1917", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1961", "name": "RHSA-2025:1961", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1962", "name": "RHSA-2025:1962", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1963", "name": "RHSA-2025:1963", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1964", "name": "RHSA-2025:1964", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2022", "name": "RHSA-2025:2022", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2130", "name": "RHSA-2025:2130", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2157", "name": "RHSA-2025:2157", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2195", "name": "RHSA-2025:2195", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2754", "name": "RHSA-2025:2754", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-1244", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345150", "name": "RHBZ#2345150", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully."}], "descriptions": [{"lang": "en", "value": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-15T08:50:32.937Z"}, "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}}, "cveMetadata": {"cveId": "CVE-2025-1244", "state": "PUBLISHED", "dateUpdated": "2025-03-15T08:50:32.937Z", "dateReserved": "2025-02-12T07:32:23.452Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-02-12T14:27:45.707Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el editor de texto de Emacs. La gesti\u00f3n inadecuada de esquemas de URL \"man\" personalizados permite a los atacantes ejecutar comandos de shell arbitrarios enga\u00f1ando a los usuarios para que visiten un sitio web especialmente manipulado o una URL HTTP con una redirecci\u00f3n."}], "id": "CVE-2025-1244", "lastModified": "2025-03-13T14:15:34.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-02-12T15:15:18.430", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1915"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1917"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1961"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1962"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1963"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1964"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2022"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2130"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2157"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2195"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2754"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-1244"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/03/01/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:2130", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "emacs-1:24.3-23.el7_9.2", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1917", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "emacs-1:26.1-13.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-27T00:00:00Z"}, {"advisory": "RHSA-2025:1917", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "emacs-1:26.1-13.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-27T00:00:00Z"}, {"advisory": "RHSA-2025:2157", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "emacs-1:26.1-5.el8_2.3", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1963", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "emacs-1:26.1-5.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1963", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "emacs-1:26.1-5.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1963", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "emacs-1:26.1-5.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1961", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "emacs-1:26.1-7.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1961", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "emacs-1:26.1-7.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1961", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "emacs-1:26.1-7.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1962", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "emacs-1:26.1-10.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1915", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "emacs-1:27.2-11.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-27T00:00:00Z"}, {"advisory": "RHSA-2025:2022", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "emacs-1:27.2-6.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1964", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "emacs-1:27.2-8.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2195", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "emacs-1:27.2-10.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2754", "cpe": "cpe:/a:redhat:openshift_builds:1.3::el9", "package": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9:sha256:02dfa9ff3833810645246f3af3ef89c2ea6794b61f3cdfe0929596ebf5bf042f", "product_name": "Builds for Red Hat OpenShift 1.3.1", "release_date": "2025-03-13T00:00:00Z"}], "bugzilla": {"description": "emacs: Shell Injection Vulnerability in GNU Emacs via Custom \"man\" URI Scheme", "id": "2345150", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345150"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-78", "details": ["A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect."], "mitigation": {"lang": "en:us", "value": "There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully."}, "name": "CVE-2025-1244", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2025-02-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1244\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1244"], "statement": "To exploit this flaw, an attacker needs to trick a user into visiting a specially crafted website, an HTTP URL with a redirect or in general a custom man URI schemes. In order to exploit this vulnerability a user action is required, limiting the possibility of this issue to be exploited.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object