What is CVE-2025-36846?

CVE-2025-36846 is a vulnerability in N/a. Published 2025-07-21.

Is CVE-2025-36846 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2025-36846

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter tha…

EPSS: 0.584 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

smartoffice.expert/en/
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-034.txt

Frequently asked questions

What is CVE-2025-36846?: CVE-2025-36846 is a vulnerability in N/a. Published 2025-07-21.
Is CVE-2025-36846 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.