Untriaged
Permalink
CVE-2025-1244
8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
References
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html
- RHSA-2025:1915 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1917 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1961 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1962 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1963 vendor-advisory x_refsource_REDHAT
- RHSA-2025:1964 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2022 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2130 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2157 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2195 vendor-advisory x_refsource_REDHAT
- RHSA-2025:2754 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-1244 x_refsource_REDHAT vdb-entry
- RHBZ#2345150 issue-tracking x_refsource_REDHAT
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390
- https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1
- http://www.openwall.com/lists/oss-security/2025/03/01/2
- https://lists.debian.org/debian-lts-announce/2025/02/msg00033.html
Affected products
emacs
- <29.4.0
- *
openshift-builds/openshift-builds-git-cloner-rhel9
- *
registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9
- *
Matching in nixpkgs
pkgs.uemacs
Linus Torvalds's random version of microemacs with his personal modifications
-
nixos-unstable -
- nixpkgs-unstable 4.0-unstable-2018-07-19
pkgs.chemacs2
Emacs version switcher, improved
-
nixos-unstable -
- nixpkgs-unstable 0-unstable-2023-01-20
pkgs.emacs30-nox
Extensible, customizable GNU text editor
-
nixos-unstable -
- nixpkgs-unstable 30.2
pkgs.emacs30-gtk3
Extensible, customizable GNU text editor
-
nixos-unstable -
- nixpkgs-unstable gtk3-30.2
pkgs.emacs30-pgtk
Extensible, customizable GNU text editor
-
nixos-unstable -
- nixpkgs-unstable 30.2
pkgs.emacsMacport
Extensible, customizable GNU text editor - macport variant
-
nixos-unstable -
- nixpkgs-unstable 30.2.50
pkgs.pinentry-emacs
GnuPG’s interface to passphrase input
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.emacsNativeComp
Extensible, customizable GNU text editor
-
nixos-unstable -
- nixpkgs-unstable 30.2
pkgs.emacs-lsp-booster
Emacs LSP performance booster
-
nixos-unstable -
- nixpkgs-unstable 0.2.1
pkgs.parinfer-rust-emacs
Emacs centric fork of parinfer-rust
-
nixos-unstable -
- nixpkgs-unstable 0.4.7
pkgs.emacsclient-commands
Collection of small shell utilities that connect to a local Emacs server
-
nixos-unstable -
- nixpkgs-unstable 0-unstable-2023-09-22
pkgs.haskellPackages.emacs-module
Utilities to write Emacs dynamic modules
-
nixos-unstable -
- nixpkgs-unstable 0.2.1
pkgs.haskellPackages.yi-keymap-emacs
Emacs keymap for Yi editor
-
nixos-unstable -
- nixpkgs-unstable 0.19.0
pkgs.haskellPackages.yi-emacs-colours
Simple mapping from colour names used in emacs to Color
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.1
pkgs.vscode-extensions.tuttieee.emacs-mcx
Awesome Emacs Keymap - VSCode emacs keybinding with multi cursor support
-
nixos-unstable -
- nixpkgs-unstable 0.90.8
pkgs.gnomeExtensions.emacs-search-provider
Search for your Emacs projects easily
-
nixos-unstable -
- nixpkgs-unstable 4
pkgs.vscode-extensions.jamesyang999.vscode-emacs-minimum
Minimal emacs key bindings for VSCode
-
nixos-unstable -
- nixpkgs-unstable jamesyang999-vscode-emacs-minimum-1.1.1
Package maintainers
-
@lovek323 Jason O'Conal <jason@oconal.id.au>
-
@adisbladis Adam Hose <adisbladis@gmail.com>
-
@jwiegley John Wiegley <johnw@newartisans.com>
-
@panchoh pancho horrillo <pancho@pancho.name>
-
@matthewbauer Matthew Bauer <mjbauer95@gmail.com>
-
@AndersonTorres Anderson Torres <torres.anderson.85@protonmail.com>
-
@rlupton20 Richard Lupton <richard.lupton@gmail.com>
-
@Icy-Thought Icy-Thought <gilganyx@pm.me>
-
@kfiz kfiz <doroerose@gmail.com>
-
@lolbinarycat binarycat <binarycat@envs.net>
-
@honnip Jung seungwoo <me@honnip.page>
-
@brsvh Burgess Chang <bsc@brsvh.org>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@iblech Ingo Blechschmidt <iblech@speicherleck.de>
-
@networkException networkException <nix@nwex.de>