CVE-2025-50428
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-50428
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-50428.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-50428
- Published
- 2025-08-27T17:15:41.443Z
- Modified
- 2025-11-17T04:00:26.427787Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.
- References
Affected packages
Git / github.com/raspap/raspap-webgui
Affected ranges
- Type
- GIT
- Repo
- https://github.com/raspap/raspap-webgui
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.0
1.3.1
1.4.0
1.4.1
1.5
1.5.1
1.6
1.6.1
1.6.2
2.*
2.0
2.1
2.2
2.3
2.3.1
2.4
2.4-beta
2.4.1
2.5
2.5.1
2.5.2
2.6
2.6-beta
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
3.*
3.0
3.0-beta
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.2
v1.*
v1.0
v1.1
v1.2.0
v1.2.1
v1.3.0