VYPR
High severity8.0NVD Advisory· Published Sep 17, 2025· Updated Apr 15, 2026

CVE-2025-59518

CVE-2025-59518

Description

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lemonldap Ng/Lemonldap Nginferred2 versions
    <2.16.7, >=2.17,<2.21.3+ 1 more
    • (no CPE)range: <2.16.7, >=2.17,<2.21.3
    • (no CPE)range: <2.16.7, >=2.17 <2.21.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.