Security Advisory

CVE-2025-61141

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-30 00:00:00
Last updated 2025-10-30 21:02:01
Assigner mitre
State PUBLISHED

Description

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.