9.8
ZoneMinder: Unsecured User Input Can Execute Malicious Commands
CVE-2025-65791
Summary
ZoneMinder, a security camera application, allows attackers to execute unauthorized system commands if they can manipulate user input. An attacker could potentially delete files, install malware, or take control of the system. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| zoneminder | zoneminder | 1.36.34 | – |
Original title
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier ...
Original description
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-78
OS Command Injection
- https://github.com/rishavand1/CVE-2025-65791 (Exploit, Third Party Advisory)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026