How to fix EUVD-2025-19195?

Within 24 hours: Identify all affected systems running MHSanaei 3x-ui and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is 3x Ui affected by EUVD-2025-19195?

Organizations using MHSanaei 3x-ui face critical risk from CVE-2025-29331 rated CVSS 9.8. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems. Proof-of-concept code is publicly available, increasing the risk of exploitation.

EUVD-2025-19195

| CVE-2025-29331 CRITICAL

2025-06-26 [email protected]

RCE 3x Ui

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2025-19195

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

PoC Detected

Jul 10, 2025 - 14:49 vuln.today

Public exploit code

CVE Published

Jun 26, 2025 - 15:15 nvd

CRITICAL 9.8

DescriptionNVD

An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates

AnalysisAI

Technical ContextAI

This vulnerability is classified as Improper Certificate Validation (CWE-295).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

EUVD-2025-19195 vulnerability details – vuln.today

Back

EUVD-2025-19195

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code