How severe is CVE-2025-46816?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2025-46816?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2025-46816 - CRITICAL Severity | CVSS 9.4

Vulnerability Description

goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not checks the option cli `-c`, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue.

Related Vulnerabilities

CVE-2024-0817

CRITICAL

CVSS:9.3(Critical)

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0

CWE-772024

CVE-2020-14436

CRITICAL

CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020