cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24959,https://securityvulnerability.io/vulnerability/CVE-2025-24959,Arbitrary Command Execution Vulnerability in zx Tool by Google,"The zx tool, widely used for scripting, has a vulnerability that allows an attacker to manipulate environment variable values, potentially leading to arbitrary command execution. This occurs when applications process untrusted input through `dotenv.stringify`, making them susceptible to unexpected behavior if they rely on environment variables for critical security functions. Users are encouraged to upgrade to version 8.3.2 to address this issue. For those unable to upgrade, it is crucial to sanitize user-controlled values carefully, avoiding characters like double quotes, single quotes, and backticks, or to enforce strict validation on environment variables prior to use.",Google,Zx,1,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T20:48:16.507Z,0