What is the CVSS score of CVE-2025-25038?

CVE-2025-25038 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 17.7%.

Which versions of Minidvblinux are affected by CVE-2025-25038?

MiniDVBLinux devices running version 5.4 and earlier are vulnerable to remote command execution as root without authentication, allowing attackers to gain complete control of affected systems.

Is there a public PoC exploit available for CVE-2025-25038?

Yes, a public proof-of-concept exploit is available for CVE-2025-25038. Prioritise patching immediately. EPSS: 17.7%.

How to fix or mitigate CVE-2025-25038?

Within 24 hours: Identify and inventory all MiniDVBLinux 5.4 and earlier instances, especially those exposed to the internet; immediately restrict network access to the web management interface via firewall rules. Within 7 days: Disable the web management interface if not actively required, or implement strict network access controls limiting access to trusted administrative networks only. Within 30 days: Upgrade to MiniDVBLinux 5.5 or later once available, or evaluate replacement with patched alternatives if upgrades are unavailable.

Minidvblinux CVE-2025-25038

EUVD-2025-18780 CRITICAL

OS Command Injection (CWE-78)

2025-06-20 disclosure@vulncheck.com

Command Injection Minidvblinux

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18780

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

PoC Detected

Dec 22, 2025 - 17:46 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 19:15 nvd

CRITICAL 9.8

DescriptionNVD

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.

AnalysisAI

MiniDVBLinux version 5.4 and earlier contains an unauthenticated OS command injection in the web-based management interface. The DVB streaming platform fails to sanitize user input before passing it to operating system commands, enabling remote attackers to execute arbitrary commands on the media server.

Technical ContextAI

The web management interface passes user-supplied input directly to system commands without sanitization. MiniDVBLinux is used for DVB (Digital Video Broadcasting) streaming. The web interface is typically exposed on the local network for stream management.

RemediationAI

Update MiniDVBLinux or restrict web interface access to trusted management stations. Implement input sanitization on all web endpoints.

CVE-2025-25038 vulnerability details – vuln.today

Back

Minidvblinux CVE-2025-25038

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code