9.8
ZoneMinder allows unauthorized system access
DEBIAN-CVE-2025-65791
Summary
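A command injection weakness in ZoneMinder's image view (web/views/image.php) could let attackers run unauthorized commands on the system. This could lead to sensitive information being stolen or the system being taken over. The supplier disputes the report, stating that there is no unsanitized user input to web/views/image.php. Update ZoneMinder to a secure version to prevent this risk.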
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | zoneminder | All versions | – |
Original title
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier ...
Original description
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php.
osv CVSS3.1
9.8
- https://security-tracker.debian.org/tracker/CVE-2025-65791 Vendor Advisory
Published: 18 Feb 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026