Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Mar 11, 2026
CVE-2025-65791
CVE-2025-65791
Description
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =1.36.34
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.