Unknown · Raspap Raspap-Webgui · CVE-2025-50428
Name of the Vulnerable Software and Affected Versions:
RaspAP raspap-webgui versions prior to 3.3.3
Description:
A command injection issue exists in the `includes/hostapd.php` script due to improper sanitization of user input passed via the `interface` parameter.
Recommendations:
Update RaspAP raspap-webgui to a version later than 3.3.2.
As a temporary workaround, restrict access to the `includes/hostapd.php` script to minimize the risk of exploitation.