CVE-2025-29331 – MHSanaei 3x-ui Remote Code Execution Vulnerability

June 26, 2025

CVE ID : CVE-2025-29331

Published : June 26, 2025, 3:15 p.m. | 3 hours, 44 minutes ago

Description : An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53002 – LLaMA-Factory is a tuning library for large langua

Next Article CVE-2025-30131 – IROAD Dashcam FX2 Unauthenticated File Upload Command Execution

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-29331 – MHSanaei 3x-ui Remote Code Execution Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Microsoft Just Made Windows 10’s $30 Extended Support Program an Even Better Deal — But You Need a Microsoft Account to Pay For It

CVE-2025-5148 – FunAudioLLM InspireMusic Pickle Data Handler Deserialization Vulnerability

CVE-2025-48122 – Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light SQL Injection Vulnerability

CVE-2025-3444 – Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus LFI Vulnerability

Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes

OpenChrom – software for chromatography, spectrometry and spectroscopy

CVE-2025-48501 – Nimesa Backup and Recovery Command Injection Vulnerability

CVE-2025-22882 – Delta Electronics ISPSoft Buffer Overflow

CVE-2025-29331 – MHSanaei 3x-ui Remote Code Execution Vulnerability

Related Posts