CVE-2025-4866

MEDIUM

weibocom rill-flow 0.1.18 - Remote Code Injection in Management Console

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-4866. PoCs published by bloodcode-spasov.

AI-analyzed exploit summary The repository contains a vague README with no technical details or exploit code, only marketing-like language and a reference to an external 'public PoC'. No actual exploit or analysis is provided.

Description

A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec SUSPICIOUS 3 stars
by bloodcode-spasov · poc
https://github.com/bloodcode-spasov/ble-cve2025-attack-new-version

The repository contains a vague README with no technical details or exploit code, only marketing-like language and a reference to an external 'public PoC'. No actual exploit or analysis is provided.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Android BLE (unspecified version)
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
https://vuldb.com/?id.309408
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.309408
Exploit, Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.575478
Exploit, Issue Tracking issue-tracking
https://github.com/weibocom/rill-flow/issues/102

Scores

CVSS v3 6.3
EPSS 0.0051
EPSS Percentile 39.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-94
Status published
Products (1)
weibo/rill-flow 0.1.18
Published May 18, 2025
Tracked Since Feb 18, 2026