Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Builds for Red Hat OpenShift 1.3.2 by Red Hat

    CVE-2025-1244 (GCVE-0-2025-1244)

    Vulnerability from nvd – Published: 2025-02-12 14:27 – Updated: 2026-06-29 20:27
    VLAI
    Title
    Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
    Summary
    A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 29.4.0 (semver)
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 1:24.3-23.el7_9.2 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 1:26.1-13.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 1:26.1-5.el8_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 1:26.1-5.el8_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 1:26.1-5.el8_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 1:26.1-5.el8_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 1:26.1-7.el8_6.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 1:26.1-7.el8_6.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 1:26.1-7.el8_6.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 1:26.1-10.el8_8.7 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:27.2-11.el9_5.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 1:27.2-6.el9_0.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 1:27.2-8.el9_2.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 1:27.2-10.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift 1.3.2 Unaffected: 1.3.1-1741784043 , < * (rpm)
        cpe:/a:redhat:openshift_builds:1.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-02-12 00:00
    Credits
    Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:50:47.050392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T15:21:21.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:57:08.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390"
              },
              {
                "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/03/01/2"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://git.savannah.gnu.org/cgit/emacs.git/",
              "defaultStatus": "unaffected",
              "packageName": "emacs",
              "versions": [
                {
                  "lessThan": "29.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:24.3-23.el7_9.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-13.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-13.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-7.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-7.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-7.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-10.el8_8.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-11.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-6.el9_0.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-8.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-10.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_builds:1.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-builds/openshift-builds-git-cloner-rhel9",
              "product": "Builds for Red Hat OpenShift 1.3.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.3.1-1741784043",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue."
            }
          ],
          "datePublic": "2025-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:27:39.061Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:1915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1915"
            },
            {
              "name": "RHSA-2025:1917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1917"
            },
            {
              "name": "RHSA-2025:1961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1961"
            },
            {
              "name": "RHSA-2025:1962",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1962"
            },
            {
              "name": "RHSA-2025:1963",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1963"
            },
            {
              "name": "RHSA-2025:1964",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1964"
            },
            {
              "name": "RHSA-2025:2022",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2022"
            },
            {
              "name": "RHSA-2025:2130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2130"
            },
            {
              "name": "RHSA-2025:2157",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2157"
            },
            {
              "name": "RHSA-2025:2195",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2195"
            },
            {
              "name": "RHSA-2025:2754",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2754"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-1244"
            },
            {
              "name": "RHBZ#2345150",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345150"
            },
            {
              "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T07:05:48.841Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Emacs: shell injection vulnerability in gnu emacs via custom \"man\" uri scheme",
          "workarounds": [
            {
              "lang": "en",
              "value": "There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-1244",
        "datePublished": "2025-02-12T14:27:45.707Z",
        "dateReserved": "2025-02-12T07:32:23.452Z",
        "dateUpdated": "2026-06-29T20:27:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1244 (GCVE-0-2025-1244)

    Vulnerability from cvelistv5 – Published: 2025-02-12 14:27 – Updated: 2026-06-29 20:27
    VLAI
    Title
    Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
    Summary
    A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 29.4.0 (semver)
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 1:24.3-23.el7_9.2 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 1:26.1-13.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 1:26.1-5.el8_2.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.2::appstream
        cpe:/o:redhat:rhel_aus:8.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 1:26.1-5.el8_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 1:26.1-5.el8_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 1:26.1-5.el8_4.3 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_e4s:8.4::appstream
        cpe:/a:redhat:rhel_tus:8.4::appstream
        cpe:/o:redhat:rhel_aus:8.4::baseos
        cpe:/o:redhat:rhel_e4s:8.4::baseos
        cpe:/o:redhat:rhel_tus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 1:26.1-7.el8_6.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 1:26.1-7.el8_6.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 1:26.1-7.el8_6.6 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_e4s:8.6::appstream
        cpe:/a:redhat:rhel_tus:8.6::appstream
        cpe:/o:redhat:rhel_aus:8.6::baseos
        cpe:/o:redhat:rhel_e4s:8.6::baseos
        cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 1:26.1-10.el8_8.7 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
        cpe:/o:redhat:rhel_eus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:27.2-11.el9_5.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 1:27.2-6.el9_0.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 1:27.2-8.el9_2.2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 1:27.2-10.el9_4.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift 1.3.2 Unaffected: 1.3.1-1741784043 , < * (rpm)
        cpe:/a:redhat:openshift_builds:1.3::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2025-02-12 00:00
    Credits
    Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:50:47.050392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T15:21:21.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:57:08.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390"
              },
              {
                "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/03/01/2"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://git.savannah.gnu.org/cgit/emacs.git/",
              "defaultStatus": "unaffected",
              "packageName": "emacs",
              "versions": [
                {
                  "lessThan": "29.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:24.3-23.el7_9.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-13.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-13.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.2::appstream",
                "cpe:/o:redhat:rhel_aus:8.2::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_2.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_e4s:8.4::appstream",
                "cpe:/a:redhat:rhel_tus:8.4::appstream",
                "cpe:/o:redhat:rhel_aus:8.4::baseos",
                "cpe:/o:redhat:rhel_e4s:8.4::baseos",
                "cpe:/o:redhat:rhel_tus:8.4::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-5.el8_4.3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-7.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-7.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_e4s:8.6::appstream",
                "cpe:/a:redhat:rhel_tus:8.6::appstream",
                "cpe:/o:redhat:rhel_aus:8.6::baseos",
                "cpe:/o:redhat:rhel_e4s:8.6::baseos",
                "cpe:/o:redhat:rhel_tus:8.6::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-7.el8_6.6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream",
                "cpe:/o:redhat:rhel_eus:8.8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:26.1-10.el8_8.7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-11.el9_5.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-6.el9_0.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-8.el9_2.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:27.2-10.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_builds:1.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-builds/openshift-builds-git-cloner-rhel9",
              "product": "Builds for Red Hat OpenShift 1.3.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.3.1-1741784043",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "emacs",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue."
            }
          ],
          "datePublic": "2025-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:27:39.061Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:1915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1915"
            },
            {
              "name": "RHSA-2025:1917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1917"
            },
            {
              "name": "RHSA-2025:1961",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1961"
            },
            {
              "name": "RHSA-2025:1962",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1962"
            },
            {
              "name": "RHSA-2025:1963",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1963"
            },
            {
              "name": "RHSA-2025:1964",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1964"
            },
            {
              "name": "RHSA-2025:2022",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2022"
            },
            {
              "name": "RHSA-2025:2130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2130"
            },
            {
              "name": "RHSA-2025:2157",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2157"
            },
            {
              "name": "RHSA-2025:2195",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2195"
            },
            {
              "name": "RHSA-2025:2754",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2754"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-1244"
            },
            {
              "name": "RHBZ#2345150",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345150"
            },
            {
              "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T07:05:48.841Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Emacs: shell injection vulnerability in gnu emacs via custom \"man\" uri scheme",
          "workarounds": [
            {
              "lang": "en",
              "value": "There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-1244",
        "datePublished": "2025-02-12T14:27:45.707Z",
        "dateReserved": "2025-02-12T07:32:23.452Z",
        "dateUpdated": "2026-06-29T20:27:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }