Skip to main content
CVE-2021-25294 CRITICAL POC PATCH THREAT Act Now

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE PHP Opencats
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy