Description
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Raynet rvia RayVentory Scan Engine 12.6 Update 8 and earlier releases contain a command injection weakness (CWE-77) that permits adversaries to run arbitrary system commands via the getconfig, upload, and oracle options. The vulnerability arises when user-supplied directory paths are incorporated into a malformed find command, allowing an attacker to inject arbitrary shell commands; that these paths reach the find command is inferred from the description. Because the application does not properly escape or validate the input, a crafted request can cause rvia to execute commands with the privileges of the running process.

Affected Systems

The affected product is Raynet rvia RayVentory Scan Engine 12.6 Update 8 and earlier versions.

Risk and Exploitability

This is an arbitrary code execution flaw with a CVSS score of 7.8 and an EPSS score of less than 1%; it is not listed in the CISA KEV catalog. An attacker can trigger the flaw by sending malicious requests to the getconfig, upload, or oracle endpoints, allowing the execution of arbitrary commands. Based on the description, it is inferred that a remote attacker with access to these endpoints could exploit it, so the attack vector involves network exposure of the vulnerable endpoints. Note that the CVSS 3.1 vector recorded in the History section is AV:L/AC:L/PR:L/UI:N, which describes local access with low privileges.

Generated by OpenCVE AI on June 1, 2026 at 19:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Raynet rvia to a patched version once the vendor releases a fix and test the update in a staging environment before deployment.
  • Restrict access to the getconfig, upload, and oracle endpoints by firewall or authentication controls so that only trusted users or services can reach them.
  • Validate and sanitize all user‑supplied directory path arguments used in the internal find command; enforce a whitelist or limit the search scope to a non‑trusted directory to prevent arbitrary command execution.
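The third recommendation, sketched in Python as an added example (not code from Raynet, rvia or OpenCVE): the search directory is resolved and checked against an allowlist, then passed to find as a single argv element with no shell and a fully specified expression. The allowlist value, the function names and the directory tree built in `demo()` are assumptions constructed for illustration; the find expression rvia actually uses is not shown on this page.

```python
import os
import subprocess
import tempfile

# Assumption: hypothetical allowlist of roots where a Java runtime may live.
ALLOWED_ROOTS = ("/usr/lib/jvm",)

def validated_root(user_dir, allowed_roots=ALLOWED_ROOTS):
    """Resolve symlinks and '..', then require the result to sit under an allowed root."""
    real = os.path.realpath(user_dir)
    for root in allowed_roots:
        base = os.path.realpath(root)
        if os.path.commonpath([real, base]) == base:
            return real  # absolute path, so find cannot parse it as an option
    raise ValueError(f"search directory outside allowlist: {user_dir!r}")

def find_java(user_dir, allowed_roots=ALLOWED_ROOTS):
    """List owner-executable files named 'java' under user_dir without a shell."""
    root = validated_root(user_dir, allowed_roots)
    # argv list: the directory is one argument, so spaces, ';' and '$()' in its
    # name stay data. Every test is complete and output is NUL-separated.
    argv = ["find", root, "-type", "f", "-name", "java", "-perm", "-100", "-print0"]
    done = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    return sorted(os.fsdecode(p) for p in done.stdout.split(b"\0") if p)

def demo():
    """Constructed tree: an oddly named JDK directory inside the allowlist, one outside."""
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "jvm")
        odd_dir = os.path.join(allowed, "jdk 17; echo $(date)")
        os.makedirs(os.path.join(odd_dir, "bin"))
        java = os.path.join(odd_dir, "bin", "java")
        with open(java, "w") as fh:  # placeholder file, never executed
            fh.write("#!/bin/sh\n")
        os.chmod(java, 0o755)
        os.makedirs(os.path.join(tmp, "outside"))
        found = find_java(odd_dir, (allowed,))
        try:
            find_java(os.path.join(allowed, "..", "outside"), (allowed,))
            rejected = False
        except ValueError:
            rejected = True
        return found, os.path.realpath(java), rejected

if __name__ == "__main__":
    print(demo())
```

The result of `find_java` is only a list of candidate paths; whether any of them is a trustworthy runtime (ownership, permissions of the parent directories) is a separate check this sketch does not perform.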

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Title Command Injection via Malformed Find Command in Raynet rvia 12.6.4392.49

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag. The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49. This is an arbitrary code execution flaw caused by an incorrectly constructed find command. The application actively searches for a Java executable by using search criteria that are not properly terminated or sanitized. By constructing a crafted directory path that satisfies the malformed search criteria, an attacker can trick the application into executing arbitrary Java code. This differs from standard PATH manipulation because it stems from the application's internal search logic. Specifically, a local attacker can create a crafted directory structure and path that satisfies an improperly terminated find query used by the application to locate a Java runtime. Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options.
References

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Raynet
Raynet rvia
Vendors & Products Raynet
Raynet rvia

Fri, 29 May 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Title Command Injection via Malformed Find Command in Raynet rvia 12.6.4392.49

Thu, 28 May 2026 18:00:00 +0000

Type Values Removed Values Added
Title Command Injection in Raynet rvia via Unescaped Find Query Allows Arbitrary Code Execution
Weaknesses CWE-20
CWE-78

Thu, 28 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 27 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title Command Injection in Raynet rvia via Unescaped Find Query Allows Arbitrary Code Execution
Weaknesses CWE-20
CWE-78

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag. The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49. This is an arbitrary code execution flaw caused by an incorrectly constructed find command. The application actively searches for a Java executable by using search criteria that are not properly terminated or sanitized. By constructing a crafted directory path that satisfies the malformed search criteria, an attacker can trick the application into executing arbitrary Java code. This differs from standard PATH manipulation because it stems from the application's internal search logic. Specifically, a local attacker can create a crafted directory structure and path that satisfies an improperly terminated find query used by the application to locate a Java runtime.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T15:46:05.552Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69600

Vulnrichment

Updated: 2026-05-28T14:24:28.971Z

NVD

Status: Awaiting Analysis

Published: 2026-05-27T18:16:21.780

Modified: 2026-06-01T18:12:56.073

Link: CVE-2025-69600

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T19:45:20Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')