CVE-2025-6775 | xiaoyunjie openvpn-cms-flask up to 1.2.7 User Creation Endpoint /app/api/v1/openvpn.py create_user Username command injection (Issue 24)

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection.

This vulnerability is uniquely identified as CVE-2025-6775. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More