Back to search
CVE-2025-69212
Published: Feb 6, 2026
Modified: Feb 9, 2026
PUBLISHED
Description
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server.
| Vendor | Product | Versions |
|---|---|---|
devcode-it | openstamanager | affected <= 2.9.8 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now