FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Emacs -- Arbitrary code execution vulnerability

Affected packages
emacs < 30.1,3
emacs-canna < 30.1,3
emacs-nox < 30.1,3
emacs-wayland < 30.1,3
emacs-devel < 30.0.50.20240115,3
emacs-devel-nox < 30.0.50.20240115,3

Details

VuXML ID e60e538f-e795-4a00-b475-cc85a7546e00
Discovery 2025-02-11
Entry 2025-02-24
Modified 2025-02-25

Problem Description

A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes.

Impact

The issue was initially considered low severity because it required user interaction with local files. It was later discovered that an attacker could exploit it by tricking a user into visiting a specially crafted website or an HTTP URL with a redirect, leading to arbitrary shell command execution without further user action.

References

CVE Name CVE-2025-1244
URL https://nvd.nist.gov/vuln/detail/CVE-2025-1244