CVE-2025-0914— Velociraptor Shell Plugin Prevent_execve Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-0914
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Velociraptor Shell Plugin Prevent_execve Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限预留不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Velociraptor 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Velociraptor是Velocidex开源的一种使用 Velociraptor 查询语言(VQL)查询收集基于主机的状态信息的工具。 Velociraptor 0.73.4之前版本存在安全漏洞,该漏洞源于访问控制不当,允许执行execve插件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rapid7 | Velociraptor | 0 ~ 0.73.4 | - |
II. Public POCs for CVE-2025-0914
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-0914
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-0914 (1)
IV. Related Vulnerabilities
Same product: Velociraptor
- CVE-2026-8795
Rapid7 Velociraptor<0.76.6 YAML注入漏洞 - CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-7572
Velociraptor EVTX Parser — Process Crash via Crafted .evtx F - CVE-2026-7573
GetUserRoles API endpoint allows any authenticated user to e - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer
Same vendor: Rapid7
- CVE-2026-8795
Rapid7 Velociraptor<0.76.6 YAML注入漏洞 - CVE-2026-7373
Metasploit Pro on Windows: Local Privilege Escalation via Op - CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer - CVE-2026-6482
Local Privilege Escalation via OpenSSL configuration file in
Same weakness: CWE-281
- CVE-2024-47270
Synology Surveillance Station 安全漏洞 - CVE-2026-44832
Snipe-IT: Privilege Escalation via API Permissions Assignmen - CVE-2026-24194
NVIDIA Display Driver for Linux 安全漏洞 - CVE-2026-34600
Joplin Server delta API returns note content after share acc - CVE-2026-25850
filemanagement_storage_service has an improper preservation
V. Comments for CVE-2025-0914
No comments yet