High severity8.8NVD Advisory· Published Feb 12, 2025· Updated Apr 15, 2026

CVE-2025-1244

Description

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Affected products

Emacs Mirror/Emacsinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2025/03/01/2nvd
access.redhat.com/errata/RHSA-2025:1915nvd
access.redhat.com/errata/RHSA-2025:1917nvd
access.redhat.com/errata/RHSA-2025:1961nvd
access.redhat.com/errata/RHSA-2025:1962nvd
access.redhat.com/errata/RHSA-2025:1963nvd
access.redhat.com/errata/RHSA-2025:1964nvd
access.redhat.com/errata/RHSA-2025:2022nvd
access.redhat.com/errata/RHSA-2025:2130nvd
access.redhat.com/errata/RHSA-2025:2157nvd
access.redhat.com/errata/RHSA-2025:2195nvd
access.redhat.com/errata/RHSA-2025:2754nvd
access.redhat.com/security/cve/CVE-2025-1244nvd
bugzilla.redhat.com/show_bug.cginvd
debbugs.gnu.org/cgi/bugreport.cginvd
git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWSnvd
lists.debian.org/debian-lts-announce/2025/02/msg00033.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000