Unrated severityNVD Advisory· Published Nov 5, 2025· Updated Nov 5, 2025
CVE-2025-63334
CVE-2025-63334
Description
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- PocketVJ CP/PocketVJ-CP-v3 pvjdescription
- Range: =3.9.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.