CVE-2025-50739
Published: 30 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-50739 affects iib0011 omni-tools version 0.4.0, enabling remote code execution through unsafe JSON deserialization. This vulnerability, associated with CWE-94 (code injection), was published on 2025-10-30 and carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
An unauthenticated attacker with network access can exploit this flaw remotely with low complexity and no user interaction, achieving full remote code execution on the affected system. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) underscores the ease of exploitation, allowing arbitrary code execution that compromises the entire host.
References include a GitHub repository at https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50739 detailing the vulnerability research, and the omni-tools JSON stringify page at https://omnitools.app/json/stringify, which may provide additional context on the affected component. The core CVE information gives no specific mitigation or patch details.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-50739 enables unauthenticated remote code execution on a network-accessible public-facing application through unsafe JSON deserialization, directly mapping to T1190: Exploit Public-Facing Application.