Skip to main content

OpenCPN EUVDEUVD-2025-210154

| CVE-2025-56814 HIGH
Command Injection (CWE-77)
2026-06-15 mitre GHSA-wvcq-xvv7-c8m8
7.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local app processing attacker-supplied input under an existing low-privileged user (AV:L/PR:L/UI:N); shell injection yields full code execution, so C/I/A all High.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 15, 2026 - 22:46 vuln.today
CVSS changed
Jun 15, 2026 - 21:22 NVD
7.8 (None) 7.8 (HIGH)
CVE Published
Jun 15, 2026 - 00:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters.

AnalysisAI

Arbitrary code execution in OpenCPN v5.12.0 allows local authenticated users to run shell commands by embedding shell metacharacters in input passed to the wxExecute() function. CVSS 3.1 rates it 7.8 (High) with local attack vector and low privileges required, and SSVC assesses technical impact as total but with no observed exploitation. No public exploit identified at time of analysis beyond a researcher write-up referenced in the advisory.

Technical ContextAI

OpenCPN is an open-source chartplotter and marine navigation application widely used by recreational and commercial mariners. The flaw lies in the use of wxWidgets' wxExecute() function, a cross-platform process-launch API that, when called with a single command string, passes the string through a shell interpreter. The root cause maps to CWE-77 (Improper Neutralization of Special Elements used in a Command), meaning user-controlled input is concatenated into a command line without sanitization or escaping, so shell metacharacters such as ;, &&, |, $(...) and backticks are interpreted by the shell rather than treated as literal data. Secure usage of wxExecute() requires passing arguments as a tokenized array (wxArrayString) and avoiding shell-mediated invocation, neither of which appears to have been done in the vulnerable code path.

RemediationAI

No vendor-released patch identified at time of analysis - the input data lists no fix version, vendor advisory, or commit. Users of OpenCPN 5.12.0 should monitor the OpenCPN GitHub repository and project releases page for an updated build that replaces vulnerable wxExecute() string invocations with the array/argv form, and apply that release as soon as it is published; the researcher write-up at https://jihoo-portfolio.vercel.app/posts/opencpn-rce-command-injection and the NVD record at https://nvd.nist.gov/vuln/detail/CVE-2025-56814 should be tracked for fix references. As compensating controls until a patch is available, avoid loading untrusted chart files, plugins, route/waypoint files, or configuration imports from third parties (the most plausible input vectors for shell metacharacters), and run OpenCPN under a dedicated low-privileged OS account so that successful exploitation does not yield administrative access - note this does not prevent code execution in that account's context. On multi-user systems, restrict filesystem permissions on OpenCPN's configuration and plugin directories to the intended user only to prevent another local user from staging a malicious payload.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

EUVD-2025-210154 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy