VYPR
High severity7.5GHSA Advisory· Published Oct 30, 2025· Updated Apr 15, 2026

CVE-2025-61141

CVE-2025-61141

Description

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.