CVE-2025-5525

Name of the Vulnerable Software and Affected Versions Jrohy trojan versions up to 2.15.3

Description A critical issue affects the LogChan function in the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. This issue can be initiated remotely, but the complexity of an attack is rather high, making exploitation difficult.

Recommendations For Jrohy trojan versions up to 2.15.3, consider disabling the LogChan function until a patch is available to prevent os command injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.