{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-63261", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T22:10:36.546Z", "dateReserved": "2025-10-27T00:00:00.000Z", "datePublished": "2026-03-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T20:07:58.941Z"}, "descriptions": [{"lang": "en", "value": "AWStats 8.0 is vulnerable to Command Injection via the open function"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"}, {"url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:09:17.275357Z", "id": "CVE-2025-63261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:09:43.048Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00013.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-25T22:10:36.546Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00013.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-25T22:10:36.546Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-63261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:09:17.275357Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:09:30.887Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"}, {"url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}], "descriptions": [{"lang": "en", "value": "AWStats 8.0 is vulnerable to Command Injection via the open function"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T20:07:58.941Z"}}}, "cveMetadata": {"cveId": "CVE-2025-63261", "state": "PUBLISHED", "dateUpdated": "2026-03-25T22:10:36.546Z", "dateReserved": "2025-10-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awstats:awstats:7.9:*:*:*:*:*:*:*", "matchCriteriaId": "956487B4-29CE-4869-BBA5-4393F57BC0DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AWStats 8.0 is vulnerable to Command Injection via the open function"}, {"lang": "es", "value": "AWStats 8.0 es vulnerable a inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n open"}], "id": "CVE-2025-63261", "lastModified": "2026-04-07T16:08:00.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T21:17:12.800", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00013.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.0"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "awstats", "vendor": "eldy"}], "analysis": {"en": {"generated_at": "2026-04-08T00:25:41.231504+00:00", "value": {"mitigation_remediation": ["Apply the latest AWStats update, which removes the vulnerable open function.", "If an immediate upgrade is not possible, limit access to the AWStats CGI directory using firewall rules or web\u2011server authentication mechanisms.", "Maintain current system patches, particularly for the underlying Debian\u00a011.0 distribution.", "Monitor web server logs for anomalous command execution or unexpected traffic to the AWStats CGI endpoint."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects installations of AWStats version\u00a08.0. Systems running this version on Debian\u00a011.0 Linux, or any operating system where AWStats\u00a08.0 is deployed, are at risk if the CGI interface is reachable from the network.", "description_and_impact": "A vulnerability in AWStats\u00a08.0 allows an attacker to inject arbitrary operating\u2011system commands through the open function used by the CGI script. This command injection, identified as CWE\u201178, can lead to remote code execution on the web server hosting AWStats, granting full control over that system if exploitation is successful.", "risk_and_exploitability": "The CVSS score of 7.8 categorizes the issue as high severity, but the EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. The likely attack path is through the publicly accessible AWStats CGI script; an attacker who can submit input that reaches the vulnerable open call can potentially execute arbitrary commands. No authentication requirement is stated in the description, so access controls around the CGI directory may influence the feasibility of exploitation."}}}}, "created": "2026-03-23T09:54:16.356974+00:00", "updated": "2026-04-08T20:01:27.776758+00:00", "vendors": ["eldy", "eldy$PRODUCT$awstats"]}