CVE-2025-24962

Name of the Vulnerable Software and Affected Versions: reNgine (affected versions not specified)

Description: The issue allows a user to inject commands via the nmap cmd parameters. This is a command injection issue in the reNgine automated reconnaissance framework for web applications. Users are advised to filter user input and monitor the project for a new release.

Recommendations: For all affected versions, filter user input to prevent command injection. As a temporary workaround, consider restricting the use of the nmap cmd parameter until a patch is available. Update to commit c28e5c8d or wait for the next release to address the issue. Secure user input and monitor updates for a new version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.