CVE-2025-69600 - Vulnerability Details

Description

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49. This in an arbitrary code execution flaw caused by an incorrectly constructed find command. The application actively searches for a Java executable by using search criteria that is not properly terminated or sanitized. By constructing a crafted directory path that satisfies the malformed search criteria, an attacker can trick the application into executing arbitrary Java code. This differs from standard PATH manipulation because it stems from the application's internal search logic. Specifically, a local attacker can create a crafted directory structure and path that satisfies an improperly terminated find query used by the application to locate a Java runtime.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows an attacker to execute arbitrary system commands through the getconfig endpoint, the upload functionality via a URL argument, and the oracle command using the -o flag. The flaw originates from argument injection in an internally constructed find command query. Because the application builds a search pattern to locate a Java executable without properly terminating or sanitizing user input, a crafted directory path can be used to trick rvia into invoking arbitrary Java code.

Affected Systems

The affected product is Raynet’s rvia component, specifically version 12.6.4392.49 listed in the amd64 Debian package. No other vendors or product versions are identified as affected.

Risk and Exploitability

This is an arbitrary code execution flaw with a potential CVSS score not publicly available; the EPSS score is unknown and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, a local attacker who can create a crafted directory structure or a remote attacker who can send malicious requests to getconfig, upload, or oracle endpoints could compromise the system. The likely attack vector involves local or privileged access to the machine or network exposure of the vulnerable endpoints.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Raynet rvia to a patched version once the vendor releases a fix and test the update in a staging environment before deployment.
Restrict access to the getconfig, upload, and oracle endpoints by firewall or authentication controls so that only trusted users or services can reach them.
Validate and sanitize all user‑supplied directory path arguments used in the internal find command; enforce a whitelist or limit the search scope to a non‑trusted directory to prevent arbitrary command execution.

Generated by OpenCVE AI on May 27, 2026 at 20:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/Wise-Security/CVE-2025-69600
https://support.raynet.de/hc/en-us/articles/19518792826132-RVY200865-RayVentory-12-6

History

Wed, 27 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Title		Command Injection in Raynet rvia via Unescaped Find Query Allows Arbitrary Code Execution
Weaknesses		CWE-20 CWE-78

Wed, 27 May 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49. This in an arbitrary code execution flaw caused by an incorrectly constructed find command. The application actively searches for a Java executable by using search criteria that is not properly terminated or sanitized. By constructing a crafted directory path that satisfies the malformed search criteria, an attacker can trick the application into executing arbitrary Java code. This differs from standard PATH manipulation because it stems from the application's internal search logic. Specifically, a local attacker can create a crafted directory structure and path that satisfies an improperly terminated find query used by the application to locate a Java runtime.
References		https://github.com/Wise-Security/CVE-2025-69600 https://support.raynet.de/hc/en-us/articles/19518792826132-RVY200865-RayVentory-12-6

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-27T00:00:00.000Z

Updated: 2026-05-27T16:53:45.889Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69600

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-27T18:16:21.780

Modified: 2026-05-27T18:16:21.780

Link: CVE-2025-69600

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T21:00:14Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object