Description

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.

INFO

Published Date :

2025-02-27T16:07:49.577Z

Last Modified :

2025-02-27T16:19:54.044Z

Source :

rapid7
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0914 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0914.

URL Resource
https://docs.velociraptor.app/announcements/advisories/cve-2025-0914/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact