CVE-2025-52365

Published: Mar 3, 2026

Modified: Mar 3, 2026

PUBLISHED

Description

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ccurtsinger/stabilizer/

https://github.com/ccurtsinger/stabilizer/blob/master/szc

https://github.com/h1dr1/CVE_Research/blob/main/CVE-2025-52365.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52365

Description

Affected Products

References