CVE-2025-63916

Name of the Vulnerable Software and Affected Versions MyScreenTools version 2.2.1.0

Description The software contains a critical OS command injection issue in the GIF compression tool. The application does not properly sanitize user-supplied file paths before passing them to cmd.exe, which allows attackers to execute arbitrary system commands with the privileges of the user running the application. The vulnerability is located in the CMD() function within the GIFSicleToolForm gif sicle tool.cs file, where shell commands are constructed by concatenating unsanitized user input (file paths) and executed via cmd.exe.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the GIF compression tool until a patch is available.