PatchSiren cyber security CVE debrief
CVE-2025-56814 OpenCPN CVE debrief
CVE-2025-56814 is a HIGH severity vulnerability in OpenCPN v5.12.0, allowing attackers to execute arbitrary code via shell metacharacters in the wxExecute() function. The vulnerability has a CVSS score of 7.8 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2025-56814).
- Vendor
- OpenCPN
- Product
- OpenCPN 5.12.0
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of OpenCPN v5.12.0 should apply patches or mitigations to prevent code injection attacks.
Technical summary
The vulnerability is caused by a code injection issue in the wxExecute() function of OpenCPN v5.12.0. Attackers can exploit this vulnerability by embedding shell metacharacters, allowing them to execute arbitrary code.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to OpenCPN v5.12.0 to fix the wxExecute() function vulnerability.
- Use secure coding practices to prevent code injection attacks.
- Monitor OpenCPN for any suspicious activity.
Evidence notes
The vulnerability was reported via [ref-4](https://jihoo-portfolio.vercel.app/posts/opencpn-rce-command-injection).
Official resources
-
CVE-2025-56814 CVE record
CVE.org
-
CVE-2025-56814 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-56814 was published on 2026-06-15T20:16:24.587Z and modified on 2026-06-15T21:16:37.787Z.