CNNVD-202506-2633 Information
Jun 20, 2025
cve
CNNVD ID
CNNVD-202506-2633
Related CVE
- CNNVD Published: 2025-06-20
Description (Chinese)
Velociraptor是Velocidex开源的一种使用 Velociraptor 查询语言(VQL)查询收集基于主机的状态信息的工具。 Velociraptor存在安全漏洞,该漏洞源于Admin.Client.UpdateClientConfig工件未强制执行额外权限,可能导致任意命令执行和端点接管。
Description (English)
Velociraptor is a tool for collecting host-based status information using the Velociraptor query language (VQL) as an open source for Velocidex. Velociraptor has a security loophole, which stems from the failure of Admin.Client.UpdateClientConfig to enforce additional powers, which may result in arbitrary enforcement of orders and end-point takeover.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Velocidex
Published
2025-06-20
Last Modified
2026-02-24
References
https://docs.velociraptor.app/announcements/advisories/cve-2025-6264/
Patch
https://docs.velociraptor.app/downloads/
Share on: