PatchSiren cyber security CVE debrief
CVE-2026-25855 openbullet CVE debrief
CVE-2026-25855 is a high-severity remote code execution vulnerability in OpenBullet2 through version 0.3.2. The vulnerability allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, causing the server to execute the scripts and return output as proxy lines, resulting in arbitrary command execution on the host as the process user.
- Vendor
- openbullet
- Product
- openbullet2
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of OpenBullet2 version 0.3.2 or earlier should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates to OpenBullet2 to prevent exploitation of this vulnerability.
- Restrict access to the FileProxySource feature to only trusted users.
- Monitor for suspicious activity related to script file uploads and execution.
Evidence notes
The CVE record and NVD detail can be found at resourceLinkAnnotations 'cve-org' and 'nvd'.
Official resources
CVE-2026-25855 was published on 2026-06-08T17:16:41.380Z and modified on 2026-06-09T13:51:18.770Z.