CVE-2025-67738

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.600

Description The application does not properly handle arguments within the cachemgr.cgi script when the Squid module and its Cache Manager feature are enabled. This issue arises if an unauthorized user gains access to Webmin and possesses specific Cache Manager permissions, specifically the "cms" security option. The problem occurs when arguments are not correctly quoted, potentially leading to unintended consequences.

Recommendations Update to Webmin version 2.600 or later.