CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1244: Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme

Description

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Classification

CVE ID: CVE-2025-1244

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 19.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-13 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2025-1244
https://bugzilla.redhat.com/show_bug.cgi?id=2345150

Timeline

2025-02-13 00:33:15 UTC
CVE

Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
2025-02-20 10:15:18 UTC
Tenable Plugins

SUSE SLES15 Security Update : emacs (SUSE-SU-2025:0589-1)