{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-48868","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-05-27T20:14:34.295Z","datePublished":"2025-09-24T13:51:04.834Z","dateUpdated":"2025-09-24T18:45:55.219Z"},"containers":{"cna":{"title":"Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive","problemTypes":[{"descriptions":[{"cweId":"CWE-95","lang":"en","description":"CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw","tags":["x_refsource_CONFIRM"],"url":"https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw"},{"name":"https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc","tags":["x_refsource_MISC"],"url":"https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc"},{"name":"https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing","tags":["x_refsource_MISC"],"url":"https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing"},{"name":"https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing","tags":["x_refsource_MISC"],"url":"https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing"}],"affected":[{"vendor":"horilla-opensource","product":"horilla","versions":[{"version":"= 1.3.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-09-24T13:51:04.834Z"},"descriptions":[{"lang":"en","value":"Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. Running Django with DEBUG=True makes exploitation easier to observe, because command output is returned in the HTTP response, but it is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1."}],"source":{"advisory":"GHSA-h6qj-pwmx-wjhw","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-24T18:45:44.475358Z","id":"CVE-2025-48868","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-24T18:45:55.219Z"}}]}}