VYPR
Moderate severityNVD Advisory· Published Jul 24, 2025· Updated Jul 25, 2025

Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C

CVE-2025-7404

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
calibrewebPyPI
<= 0.6.24

Affected products

3
  • ghsa-coords
    Range: <= 0.6.24
  • Autocaliweb/Autocaliwebv5
    Range: 0.7.0
  • Calibre Web/Calibre Webv5
    Range: 0.6.24

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.