CVE-2025-5952 | Zend.To up to 6.10-6 Beta NSSDropoff.php exec file_1 os command injection

A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection.

The identification of this vulnerability is CVE-2025-5952. The attack may be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

This affects a rather old version of the software. The vendor recommends updating to the latest release.VulDB Recent EntriesRead More