CVE-2025-65791

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php.

rishavand1/CVE-2025-65791
rishavand1/CVE-2025-65791
CVE-2025-65791 — Command Injection in ZoneMinder
GitHubGitHub