CNNVD-202512-835 Information
CNNVD ID
CNNVD-202512-835
Related CVE
- CNNVD Published: 2025-12-07
Description (Chinese)
TykoTech Fork是LionTech个人开发者的一个AI集成工具。 TykoTech Fork 0.1版本存在操作系统命令注入漏洞,该漏洞源于对文件/.well-known/oauth-authorization-server中参数authorizationUrl的错误操作,可能导致os命令注入。
Description (English)
Tyko Tech Fork is an AI integration tool for Lion Tech personal developers. There is a bug in the operating system command for version TykoTech Fork 0.1, which results from an error in the parameter autoration Url in file/.well-known/auth-auth-authorization-server, which could lead to an Os command injection.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
个人开发者
Published
2025-12-07
Last Modified
2026-02-24
References
https://vuldb.com/?id.334647 https://lavender-bicycle-a5a.notion.site/TokyoTech-RCE-26153a41781f80b6a370d427a6d307f0 https://vuldb.com/?submit.700182 https://vuldb.com/?ctiid.334647 https://access.redhat.com/security/cve/cve-2025-14204
Share on: