CVE-2025-69201

Published: Dec 29, 2025

Modified: Dec 29, 2025

PUBLISHED

Description

Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes the issue.

Vendor	Product	Versions
Quenary	tugtainer	affected `< 1.15.1`

Weaknesses (CWE)

CWE-77

References

https://github.com/Quenary/tugtainer/security/advisories/GHSA-grc3-8w5x-g54q

x_refsource_CONFIRM

https://github.com/Quenary/tugtainer/pull/88

x_refsource_MISC

https://github.com/Quenary/tugtainer/commit/dbb17d843e30fd7509acf0328c913dcb42f40831

x_refsource_MISC

https://github.com/Quenary/tugtainer/releases/tag/v1.15.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-69201

Description

Affected Products

Weaknesses (CWE)

References