CVE-2025-65480

HIGH

Pacom Unison Client 5.13.1 - Authenticated Remote Code Execution via Report Template Script Injection

Title source: llm

Description

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

References (2)

Core 2

Core References

Various Sources

http://pacom.com

Various Sources

https://github.com/derekyjj/vulnerability-research/tree/main/CVE-2025-65480

View Writeup ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0071

EPSS Percentile 48.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Published Feb 11, 2026

Tracked Since Feb 18, 2026