RCE in Pandora Fms Itsm
CVE-2025-4678
Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.015 (71.3th percentile) — read the EPSS interpretation.
Affected products
- Pandora Fms Itsm — versions 5.0.105