Cyber Posture

CVE-2025-1244

High

Published: 12 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0129 (79.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Security Summary

CVE-2025-1244 is a command injection vulnerability (CWE-78) discovered in the text editor Emacs. Published on 2025-02-12, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity: it is reachable over the network, has low attack complexity, requires no privileges, and has high impact on confidentiality, integrity, and availability. User interaction is required (UI:R).

A remote, unauthenticated attacker can exploit the vulnerability by tricking a user into visiting a specially crafted website or an HTTP URL containing a redirect. Successful exploitation enables the attacker to execute arbitrary shell commands on the vulnerable system.

Red Hat has issued multiple security errata addressing this issue in affected products, including RHSA-2025:1915, RHSA-2025:1917, RHSA-2025:1961, RHSA-2025:1962, and RHSA-2025:1963, which provide updated packages to mitigate the vulnerability.

Details

CWE(s)
CWE-78
