A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
Fixes

Solution

No solution given by the vendor.


Workaround

There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00102}

epss

{'score': 0.00111}


Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00081}

epss

{'score': 0.00102}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00204}

epss

{'score': 0.00081}


Thu, 22 May 2025 11:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Thu, 13 Mar 2025 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Builds
CPEs cpe:/a:redhat:openshift_builds:1.3::el9
Vendors & Products Redhat openshift Builds
References

Tue, 04 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4

Tue, 04 Mar 2025 08:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
References

Tue, 04 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2

Mon, 03 Mar 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Mon, 03 Mar 2025 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
References

Mon, 03 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6

Mon, 03 Mar 2025 11:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
References

Mon, 03 Mar 2025 08:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/o:redhat:rhel_eus:8.8::baseos
References

Mon, 03 Mar 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_e4s:8.4::baseos
cpe:/o:redhat:rhel_tus:8.4::baseos
Vendors & Products Redhat rhel Eus
References

Mon, 03 Mar 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Sat, 01 Mar 2025 21:45:00 +0000

Type Values Removed Values Added
References

Sat, 01 Mar 2025 06:45:00 +0000


Thu, 27 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:8

Thu, 27 Feb 2025 11:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Thu, 27 Feb 2025 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Wed, 19 Feb 2025 18:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Wed, 12 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 12 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
Title emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Wed, 12 Feb 2025 13:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme
Weaknesses CWE-78
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T17:20:59.647Z

Reserved: 2025-02-12T07:32:23.452Z

Link: CVE-2025-1244

cve-icon Vulnrichment

Updated: 2025-03-01T21:02:26.923Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-02-12T15:15:18.430

Modified: 2025-03-13T14:15:34.977

Link: CVE-2025-1244

cve-icon Redhat

Severity : Important

Publid Date: 2025-02-12T00:00:00Z

Links: CVE-2025-1244 - Bugzilla

cve-icon OpenCVE Enrichment

No data.