Unrated severityNVD Advisory· Published Aug 27, 2025· Updated Aug 29, 2025

CVE-2025-50428

Description

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.

Affected products

RaspAP/raspap-webguidescription
RaspAP/raspap-webguillm-fuzzy
Range: <=3.3.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.smarttecs.com/posts/2025-004-cve-2025-50428/mitre
github.com/RaspAP/raspap-webgui/pull/1833mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000