Severity: High
ZVE ID: ZVE-2025-7390
| Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|
| OpManager OpManager Enterprise Edition OpManager Plus OpManager Plus Enterprise Edition OpManager MSP |
12.8.655 to 12.8.664 | 128665 | 10-01-2026 |
| 12.8.594 to 12.8.633 | 128634 | 09-01-2026 | |
| 12.8.588 and below | 128589 | 13-01-2026 |
Details:
OpManager : The Command Injection vulnerability that lead to Remote Code Execution was identified in Notification Profile module, has now been fixed.
Impact:
This vulnerability could allow a remote attacker to inject malicious payloads into argument variables, which would be executed on the server as part of the profile functionality, potentially resulting in remote code execution.
Fix:
The issue has been resolved by enforcing strict validation and sanitization of all commands and argument inputs prior to execution. This ensures that injected payloads are not processed or executed on the server.
Steps to upgrade:
Source and Acknowledgements:
This vulnerability was reported by Daniel Santos.
Kindly contact our product support teams for further details, at the email address mentioned below: