Pi Hole

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-34087 HIGH POC THREAT Act Now

Pi-hole versions up to 3.3 contain an authenticated command injection via the domain allowlist functionality. When adding a domain, the domain parameter is passed to OS commands without sanitization, allowing administrators to execute arbitrary commands with the Pi-hole daemon's privileges.

Command Injection Pi Hole

NVD GitHub

CVSS 3.1

8.8

EPSS

46.7%

Threat

4.7

CVE-2025-34087

EPSS 47% 4.7 CVSS 8.8

HIGH POC THREAT Act Now

Pi-hole versions up to 3.3 contain an authenticated command injection via the domain allowlist functionality. When adding a domain, the domain parameter is passed to OS commands without sanitization, allowing administrators to execute arbitrary commands with the Pi-hole daemon's privileges.

Command Injection Pi Hole

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy