{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2025-59518","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2026-05-11T08:38:41.992Z","dateReserved":"2025-09-17T00:00:00.000Z","datePublished":"2025-09-17T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"LemonLDAP::NG","vendor":"lemonldap-ng","versions":[{"lessThan":"2.16.7","status":"affected","version":"0","versionType":"semver"},{"lessThan":"2.21.3","status":"affected","version":"2.17.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. The Safe jail does not localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2026-05-11T08:38:41.992Z"},"references":[{"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462"},{"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9"}],"x_generator":{"engine":"enrichogram 0.0.1"},"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.7"},{"vulnerable":true,"criteria":"cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*","versionStartIncluding":"2.17.0","versionEndExcluding":"2.21.3"}]}]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-17T13:25:41.838580Z","id":"CVE-2025-59518","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-17T13:25:47.958Z"}}]},"dataVersion":"5.2"}