QwikSec

Security Database

CVE

CWE

Training

CVE-2025-7404

Published: Jul 24, 2025

Modified: Jul 25, 2025

PUBLISHED

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

Vendor	Product	Versions
Calibre Web	Calibre Web	affected `0.6.24`
Autocaliweb	Autocaliweb	affected `0.7.0 - < 0.7.1`

Weaknesses (CWE)

References

https://fluidattacks.com/advisories/kino

third-party-advisory

https://github.com/janeczku/calibre-web

product

https://github.com/gelbphoenix/autocaliweb

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.