{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-63261", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T14:09:43.048Z", "dateReserved": "2025-10-27T00:00:00.000Z", "datePublished": "2026-03-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T20:07:58.941Z"}, "descriptions": [{"lang": "en", "value": "AWStats 8.0 is vulnerable to Command Injection via the open function"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"}, {"url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:09:17.275357Z", "id": "CVE-2025-63261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:09:43.048Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-63261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:09:17.275357Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:09:30.887Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"}, {"url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}], "descriptions": [{"lang": "en", "value": "AWStats 8.0 is vulnerable to Command Injection via the open function"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T20:07:58.941Z"}}}, "cveMetadata": {"cveId": "CVE-2025-63261", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:09:43.048Z", "dateReserved": "2025-10-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AWStats 8.0 is vulnerable to Command Injection via the open function"}], "id": "CVE-2025-63261", "lastModified": "2026-03-23T15:16:29.387", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T21:17:12.800", "references": [{"source": "cve@mitre.org", "url": "https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"}, {"source": "cve@mitre.org", "url": "https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.0"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "awstats", "vendor": "eldy"}], "analysis": {"en": {"generated_at": "2026-03-23T15:35:42.975476+00:00", "value": {"mitigation_remediation": ["Upgrade AWStats to the latest version that removes the vulnerable open function.", "If an upgrade is not immediately possible, apply an internal patch that sanitizes or removes the vulnerable code path used by the open function.", "Restrict access to the awstats.pl endpoint to trusted administrators or IP ranges using firewall or web server configuration.", "Monitor web application logs for unusual command execution patterns and investigate any suspicious activities."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via command injection"}, "threat_synthesis": {"affected_systems": "The vulnerable product is AWStats 8.0. No additional vendors or versions are listed in the CNA data; therefore only this specific release is confirmed to be affected.", "description_and_impact": "AWStats version 8.0 is affected by a command injection flaw where the open function processes untrusted input without proper validation. An attacker can supply crafted data that is passed to the operating system shell, allowing execution of arbitrary commands. This vulnerability falls under CWE-78 and can compromise confidentiality, integrity, or availability of the host system if exploited.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity risk, while an EPSS score of less than 1 percent suggests a low probability of exploitation in the wild. The vulnerability is not currently listed in CISA\u2019s KEV catalog. Based on the description, the likely attack vector is remote, originating from crafted HTTP requests to the awstats.pl script. The exploitation requires network access to the web server running AWStats and the ability to influence the input supplied to the open function."}}}}, "created": "2026-03-23T09:54:16.356974+00:00", "title": "Command Injection in AWStats via Open Function", "updated": "2026-03-25T14:10:14.806937+00:00", "vendors": ["eldy", "eldy$PRODUCT$awstats"]}