CVE-2025-24962

Publication date

2025-02-03 20:58:06

Family

GitHub_M

State

PUBLISHED

Description

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.