Search
Find a vulnerability
Search criteria
2 vulnerabilities found for kottster by kottster
CVE-2025-62713 (GCVE-0-2025-62713)
Vulnerability from nvd – Published: 2025-10-23 16:15 – Updated: 2025-10-23 16:40
VLAI
Title
Kottster app reinitialization can be re-triggered allowing command injection in development mode
Summary
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kottster/kottster/security/adv… | x_refsource_CONFIRM |
| https://github.com/kottster/kottster/commit/0a7d2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T16:40:41.498146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T16:40:52.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kottster",
"vendor": "kottster",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T16:15:14.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p"
},
{
"name": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89"
}
],
"source": {
"advisory": "GHSA-j3w7-9qc3-g96p",
"discovery": "UNKNOWN"
},
"title": "Kottster app reinitialization can be re-triggered allowing command injection in development mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62713",
"datePublished": "2025-10-23T16:15:14.696Z",
"dateReserved": "2025-10-20T19:41:22.740Z",
"dateUpdated": "2025-10-23T16:40:52.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62713 (GCVE-0-2025-62713)
Vulnerability from cvelistv5 – Published: 2025-10-23 16:15 – Updated: 2025-10-23 16:40
VLAI
Title
Kottster app reinitialization can be re-triggered allowing command injection in development mode
Summary
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kottster/kottster/security/adv… | x_refsource_CONFIRM |
| https://github.com/kottster/kottster/commit/0a7d2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T16:40:41.498146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T16:40:52.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kottster",
"vendor": "kottster",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T16:15:14.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p"
},
{
"name": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89"
}
],
"source": {
"advisory": "GHSA-j3w7-9qc3-g96p",
"discovery": "UNKNOWN"
},
"title": "Kottster app reinitialization can be re-triggered allowing command injection in development mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62713",
"datePublished": "2025-10-23T16:15:14.696Z",
"dateReserved": "2025-10-20T19:41:22.740Z",
"dateUpdated": "2025-10-23T16:40:52.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}