CVE-2025-4678

HIGH

Pandora ITSM <5.0.105 - Command Injection

Title source: llm

Description

Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.

References (1)

Core 1

Core References

Various Sources

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Scores

CVSS v4 7.0

EPSS 0.0151

EPSS Percentile 71.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

Pandora FMS/Pandora ITSM 5.0.105 - 5.0.106

Published Jun 10, 2025

Tracked Since Feb 18, 2026