CVE-2025-63916

CVSS v3.1

8.1

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions MyScreenTools version 2.2.1.0

Description The software contains a critical OS command injection issue in the GIF compression tool. The application does not properly sanitize user-supplied file paths before passing them to cmd.exe, which allows attackers to execute arbitrary system commands with the privileges of the user running the application. The vulnerability is located in the

CMD()

function within the GIFSicleToolForm gif sicle tool.cs file, where shell commands are constructed by concatenating unsanitized user input (file paths) and executed via cmd.exe.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the GIF compression tool until a patch is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2025-63916

Affected Products

Myscreentools

CVE-2025-63916

Weakness Enumeration

Related Identifiers

Affected Products

References · 7