PT-2025-38108 · Unknown+1 · Lemonldap::Ng+1
Yadd · Published 2025-09-17 · Updated 2025-09-17
CVE-2025-59518
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LemonLDAP::NG versions prior to 2.16.7
LemonLDAP::NG versions 2.17 through 2.21 before 2.21.3
Description
LemonLDAP::NG is susceptible to OS command injection within the Safe jail. The software fails to localize the underscore character (_) during rule evaluation, potentially allowing an administrator with rule editing privileges to execute commands on the server.
Recommendations
Update LemonLDAP::NG to version 2.16.7 or later.
Update LemonLDAP::NG to version 2.21.3 or later.
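A check for the two affected ranges listed above, as an added example (not part of the advisory or of the LemonLDAP::NG project). The function names and sample version strings are constructed for illustration, and only the upstream version number is compared.

```python
import re

# Affected ranges from the advisory, as half-open intervals [low, high)
# on the upstream version. The high bound is the fixed release.
AFFECTED = [
    ((0, 0, 0), (2, 16, 7)),    # versions prior to 2.16.7
    ((2, 17, 0), (2, 21, 3)),   # 2.17 through 2.21, before 2.21.3
]

def upstream_version(raw):
    """Return (major, minor, patch) from an upstream or Debian-style string."""
    s = raw.strip().split(":", 1)[-1]   # drop a Debian epoch such as "1:"
    s = s.lstrip("vV")                  # tolerate a leading "v"
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    # Suffixes such as "+ds-1" are ignored; a missing patch level counts as 0.
    return tuple(int(g or 0) for g in m.groups())

def check(raw):
    """Return (affected, fixed_release) for CVE-2025-59518."""
    v = upstream_version(raw)
    for low, high in AFFECTED:
        if low <= v < high:
            return True, ".".join(map(str, high))
    return False, None

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    # A plain "older than 2.21.3" test would wrongly flag 2.16.7,
    # which the advisory lists as a fixed release.
    for sample in ["2.16.6", "2.16.7", "2.17.0", "2.21.2", "2.21.3",
                   "2.0.11+ds-4"]:
        affected, fixed = check(sample)
        status = f"AFFECTED, update to {fixed} or later" if affected else "not affected"
        print(f"{sample:14} {status}")
```

A distribution package can carry a backported fix under an older upstream version number, so confirm a positive result for a packaged install against the distribution's security tracker.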
Fix
OS Command Injection
Affected Products
Debian
Lemonldap::Ng