High severity7.8NVD Advisory· Published Mar 20, 2026· Updated Apr 7, 2026
CVE-2025-63261
CVE-2025-63261
Description
AWStats 8.0 is vulnerable to Command Injection via the open function
Affected products
2- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdfnvdExploitThird Party Advisory
- lists.debian.org/debian-lts-announce/2026/03/msg00013.htmlnvdMailing ListThird Party Advisory
- github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.plnvdProduct
News mentions
0No linked articles in our index yet.