Impact
OpenCPN 5.12.0 contains a code injection flaw in the wxExecute() function that allows attackers to embed shell metacharacters and execute arbitrary commands. This vulnerability belongs to CWE-77 and can lead to full compromise of the system running OpenCPN, including data theft, modification, or denial of service.
Affected Systems
The vulnerability is present in OpenCPN version 5.12.0. No other affected versions have been documented.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, while the EPSS score of less than 1% shows a low probability of exploitation at the time of this analysis, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is the execution of malicious input via the wxExecute() call, which may be local to the user or via untrusted data if the application accepts external input. If exploited, an attacker can run any shell command with the privileges of the OpenCPN process.
OpenCVE Enrichment