Security Advisory

CVE-2025-63334

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-05 00:00:00
Last updated 2025-11-05 20:18:30
Assigner mitre
State PUBLISHED

Description

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system.