{"id":"CVE-2025-30007","summary":"HestiaCP \u003c 1.9.5 Authenticated OS Command Injection via DNS Record Management","details":"HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in is_dns_record_format_valid() combined with unsafe eval-based parsing in update_domain_zone() to prematurely close a variable assignment string and achieve full root code execution on the underlying host in a single DNS record creation step.","modified":"2026-07-16T03:30:55.690093053Z","published":"2026-07-10T17:50:33.868Z","database_specific":{"cna_assigner":"VulnCheck","cwe_ids":["CWE-78"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30007.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30007.json"},{"type":"ADVISORY","url":"https://github.com/hestiacp/hestiacp/releases/tag/1.9.5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30007"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/hestiacp-authenticated-os-command-injection-via-dns-record-management"},{"type":"REPORT","url":"https://github.com/hestiacp/hestiacp/pull/5197"},{"type":"FIX","url":"https://github.com/hestiacp/hestiacp/commit/a74babb739aa92e52b12d6ef52b6b9428ffbbb67"},{"type":"PACKAGE","url":"https://github.com/hestiacp/hestiacp"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hestiacp/hestiacp","events":[{"introduced":"0"},{"fixed":"99fd9a41ee70702172c75957f599f8f43a08bddd"},{"fixed":"a74babb739aa92e52b12d6ef52b6b9428ffbbb67"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.9.5"}]}}],"versions":["1.9.4","1.9.3","1.9.2","1.9.1","1.9.0","1.8.0","1.7.0","1.5.0","1.4.14","1.4.13","1.4.12","1.4.11","1.4.10","1.4.9","1.4.8","1.4.7","1.4.6","1.4.5","1.4.4","1.4.3","1.4.2","1.4.1","1.4.0","1.2.0","1.0.1","1.00.0-190618","0.9.8-28"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30007.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}