CNNVD-202512-2325 Information

CNNVD ID

CNNVD-202512-2325

Related CVE

CVE-2024-14010

• CNNVD Published: 2025-12-12

Description (Chinese)

Typora是Typora开源的一款编辑器。 Typora 1.7.4版本存在操作系统命令注入漏洞，该漏洞源于PDF导出首选项存在命令注入，可能导致执行任意系统命令。

Description (English)

Typola is an editor of Typola’s open source. Version 1.7.4 of Typola contains a loophole in the operating system command, which stems from the fact that the PDF export preferred option exists in the command, which may lead to the execution of an arbitrary system command.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Typora

Published

2025-12-12

Last Modified

2026-02-24

References

http://www.typora.io https://www.exploit-db.com/exploits/51752 https://www.vulncheck.com/advisories/typora-os-command-injection-via-export-pdf-preferences