Skip to main content

Hestiacp CVE-2025-30007

| EUVDEUVD-2025-210452 HIGH
OS Command Injection (CWE-78)
2026-07-10 VulnCheck GHSA-5c2f-7vp3-pm3x
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 18:59 vuln.today

DescriptionCVE.org

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone() to prematurely close a variable assignment string and achieve full root code execution on the underlying host in a single DNS record creation step.

AnalysisAI

Privilege escalation to root in the HestiaCP web hosting control panel (versions before 1.9.5) lets any low-privilege authenticated user run arbitrary OS commands as root by injecting a single-quote into an unvalidated DNS record type field. The flaw chains weak input validation in is_dns_record_format_valid() with unsafe eval-based zone parsing in update_domain_zone(), turning a routine DNS record creation into full host takeover. No public exploit is identified at time of analysis, but VulnCheck has published a detailed advisory and the vendor shipped a fix in 1.9.5.

Share

CVE-2025-30007 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy