{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59518", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-05-11T08:38:41.992Z", "dateReserved": "2025-09-17T00:00:00.000Z", "datePublished": "2025-09-17T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LemonLDAP::NG", "vendor": "lemonldap-ng", "versions": [{"lessThan": "2.16.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "2.21.3", "status": "affected", "version": "2.17.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-11T08:38:41.992Z"}, "references": [{"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462"}, {"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.16.7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.17.0", "versionEndExcluding": "2.21.3"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-17T13:25:41.838580Z", "id": "CVE-2025-59518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T13:25:47.958Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-17T13:25:41.838580Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T13:25:44.101Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "lemonldap-ng", "product": "LemonLDAP::NG", "versions": [{"status": "affected", "version": "0", "lessThan": "2.16.7", "versionType": "semver"}, {"status": "affected", "version": "2.17.0", "lessThan": "2.21.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462"}, {"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.16.7"}, {"criteria": "cpe:2.3:a:lemonldap-ng:lemonldap\\:\\:ng:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.21.3", "versionStartIncluding": "2.17.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-11T08:38:41.992Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59518", "state": "PUBLISHED", "dateUpdated": "2026-05-11T08:38:41.992Z", "dateReserved": "2025-09-17T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-09-17T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server."}, {"lang": "es", "value": "En LemonLDAP::NG anterior a 2.16.7 y 2.17 hasta 2.21 anterior a 2.21.3, puede ocurrir inyecci\u00f3n de comandos del SO en la jaula Safe. No Localize _ durante la evaluaci\u00f3n de reglas. Por lo tanto, un administrador que puede editar una regla evaluada por la jaula Safe puede ejecutar comandos en el servidor."}], "id": "CVE-2025-59518", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-09-17T04:16:12.527", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9"}, {"source": "cve@mitre.org", "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "lemonldap-ng: OS command injection can occur in the Safe jail", "id": "2395991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395991"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-78", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "As a temporary mitigation strictly limit access to the admin interface, enforce strong authentication, and audit existing rules for suspicious code. Avoid using dynamic or complex expressions in rules until the system is fully patched."}, "name": "CVE-2025-59518", "public_date": "2025-09-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-59518\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-59518\nhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9\nhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/3462"], "statement": "This is a Important vulnerability because it breaks the Safe jail\u2019s sandboxing by allowing OS command injection via the Perl _ variable. An admin can exploit this to execute arbitrary commands on the server, leading to full system compromise\u2014far beyond a typical configuration flaw.", "threat_severity": "Important"}

{"created": "2025-09-17T10:04:03.021840+00:00", "updated": "2025-09-17T10:04:03.021874+00:00", "vendors": ["lemonldap-ng", "lemonldap-ng$PRODUCT$lemonldap::ng"]}