{"id":26667,"date":"2025-04-18T20:08:44","date_gmt":"2025-04-18T20:08:44","guid":{"rendered":""},"modified":"2025-09-16T07:09:02","modified_gmt":"2025-09-16T13:09:02","slug":"cve-2025-32931-critical-os-command-injection-vulnerability-in-devdojo-voyager","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32931-critical-os-command-injection-vulnerability-in-devdojo-voyager\/","title":{"rendered":"CVE-2025-32931: Critical OS Command Injection Vulnerability in DevDojo Voyager<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-32931 is a critical vulnerability with a CVSS severity score of 9.1 that impacts DevDojo Voyager versions 1.4.0 through 1.8.0, specifically when Laravel 8 or later is used. This vulnerability enables authenticated administrators to execute arbitrary operating system commands through a specific ‘php artisan’ command. As such, it poses a significant risk to system security, potentially leading to system<\/a> compromise or data leakage.
\nThis vulnerability is of particular concern due<\/a> to its high severity, widespread impact, and the potential for significant operational disruptions and data breaches. Businesses and organizations utilizing DevDojo Voyager in their environments are strongly advised to take immediate action to mitigate this vulnerability<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-32931
\nSeverity: Critical (CVSS: 9.1)
\nAttack Vector: Network
\nPrivileges Required: High (Administrator)
\nUser Interaction: Required
\nImpact: System compromise, potential data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n