A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.

We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
History

Fri, 29 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later
Title HybridDesk Station
Weaknesses CWE-77
CWE-78
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2025-08-29T18:21:41.548Z

Reserved: 2025-04-21T07:56:46.494Z

Link: CVE-2025-44015

cve-icon Vulnrichment

Updated: 2025-08-29T18:16:21.384Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T18:15:42.097

Modified: 2025-09-02T15:55:35.520

Link: CVE-2025-44015

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.