PT-2025-5346
Elizarbatin
Published: 2024-06-25 · Updated: 2025-08-20
CVE-2025-24364
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: vaultwarden version 1.33.0 and earlier

Description: The issue allows an attacker with authenticated access to the vaultwarden admin panel to execute arbitrary code on the system. This can be achieved by changing the settings to use sendmail as the mail agent, adjusting the settings so that a shell command is used, and crafting a special favicon image with embedded commands that run during certain actions, such as sending a test email. The vulnerability is reported to affect a significant number of devices, given vaultwarden's popularity, with estimates suggesting it is used in 10% of all companies in some countries.

Recommendations: For versions prior to 1.33.0, update to version 1.33.0 to fix the vulnerability. As a temporary workaround, consider disabling the sendmail functionality and restricting access to the admin panel until the update can be applied. Additionally, restrict access to the favicon image upload feature to minimize the risk of exploitation.

Tags: Exploit, Fix, LPE

Weakness Enumeration: Special Elements Injection

Related Identifiers

ALT-PU-2025-5575
BDU:2025-05022
CVE-2025-24364
GHSA-H6CC-RC6Q-23J4

Affected Products

Alt Linux
Vaultwarden