High severity7.8NVD Advisory· Published Feb 12, 2025· Updated May 8, 2026

CVE-2024-12251

Description

In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.

Affected products

Telerik/Ui For Winui
cpe:2.3:a:telerik:ui_for_winui:*:*:*:*:*:*:*:*
Range: >=2.0.0,<3.0.0
Progress Software/Telerik UI for WinUIv5
Range: 2.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.telerik.com/devtools/winui/security/kb-security-command-injection-cve-2024-12251nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000