CVE-2025-50946: OliveTin OS Command Injection vulnerability

August 13, 2025

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.

References

github.com/OliveTin/OliveTin
github.com/OliveTin/OliveTin/blob/8c073bf45fca6c6eda4e8a9feb182433277343ee/service/internal/executor/arguments.go
github.com/advisories/GHSA-p3qf-84rg-jxfc
github.com/chrisWalker11/Cves/blob/main/CVE-2025-50946/CVE-2025-50946.md
nvd.nist.gov/vuln/detail/CVE-2025-50946

Code Behaviors & Features

Detect and mitigate CVE-2025-50946 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →