Bondix Server
Monthly
Authenticated OS command injection in SIMA GmbH Bondix Server through 1.25.7.5 on Linux allows an attacker with configuration write privileges to execute arbitrary operating-system commands by supplying crafted values in the environment and tunnel configuration that are passed unsanitized to server-side scripts. The flaw was reported by NCSC.ch and carries a CVSS 4.0 base score of 8.6 (High); no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Authenticated OS command injection in SIMA GmbH Bondix Server through 1.25.7.5 on Linux allows an attacker with configuration write privileges to execute arbitrary operating-system commands by supplying crafted values in the environment and tunnel configuration that are passed unsanitized to server-side scripts. The flaw was reported by NCSC.ch and carries a CVSS 4.0 base score of 8.6 (High); no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.