CVE-2025-3022

Name of the Vulnerable Software and Affected Versions e-solutions e-management (affected versions not specified)

Description The issue is an OS command injection vulnerability that allows an attacker to execute arbitrary commands on the server. This is achieved via the client parameter in the "/data/apache/e-management/api/api3.php" endpoint.

Recommendations As a temporary workaround, consider restricting access to the "/data/apache/e-management/api/api3.php" endpoint to minimize the risk of exploitation. Avoid using the client parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.