RCE in Pandora Fms Itsm

CVE-2025-4678

Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.015 (71.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References