CVE-2025-56819

CRITICAL NUCLEI

Running-elephant Datart - OS Command Injection

Title source: rule

Description

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.

Exploits (1)

nomisec WORKING POC 2 stars
by xyyzxc · poc
https://github.com/xyyzxc/CVE-2025-56819

Nuclei Templates (1)

Datart v1.0.0-rc.3 - Remote Code Execution
CRITICALVERIFIEDby Redmomn
Shodan: title:"Datart"
FOFA: title="Datart"

References (3)

Scores

CVSS v3 9.8
EPSS 0.0959
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
running-elephant/datart 1.0.0 rc3
Published Sep 24, 2025
Tracked Since Feb 18, 2026