CVE-2025-69600

High

Published: 27 May 2026

Published

27 May 2026

Modified

28 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69600 is a high-severity Command Injection (CWE-77) vulnerability in Raynet (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command…

query in rvia 12.6.4392.49. This in an arbitrary code execution flaw caused by an incorrectly constructed find command. The application actively searches for a Java executable by using search criteria that is not properly terminated or sanitized. By constructing a crafted directory path that satisfies the malformed search criteria, an attacker can trick the application into executing arbitrary Java code. This differs from standard PATH manipulation because it stems from the application's internal search logic. Specifically, a local attacker can create a crafted directory structure and path that satisfies an improperly terminated find query used by the application to locate a Java runtime.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-77
OWASP Top 10 Web 2025: A05:2025

Affected Products

Raynet

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://github.com/Wise-Security/CVE-2025-69600
cve@mitre.org
https://support.raynet.de/hc/en-us/articles/19518792826132-RVY200865-RayVentory-12-6
cve@mitre.org