CVE-2025-28386

描述

A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.

受影響套件(1)

• PyPI/openc3from 0, <= 6.0.0

CVSS 分數

參考連結(2)

• EXPLOIThttps://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/
• WEBhttps://openc3.com/