CVE-2025-29157: Command Injection
An issue in petstore v1.0.7 allows a remote attacker to execute arbitrary code: when a non-existent endpoint (/cart) is requested, the server returns a 404 error page that exposes sensitive information, including the Servlet name (default) and the server version.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2025-29157?
CVE-2025-29157 has been classified as a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2025-29157?
To fix CVE-2025-29157, update your petstore application to version 1.0.8 or later, which addresses the vulnerability.
What types of attacks can be executed through CVE-2025-29157?
CVE-2025-29157 allows remote attackers to execute arbitrary code by accessing a non-existent endpoint that exposes sensitive server information.
Which versions of petstore are affected by CVE-2025-29157?
CVE-2025-29157 affects petstore version 1.0.7 and earlier.
What information can be leaked due to CVE-2025-29157?
CVE-2025-29157 may expose sensitive information, including the default Servlet name and the server version, through a 404-error page.
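As an added example, not code from the advisory or the petstore project, the check below flags a 404 response that leaks a servlet name or a server version string of the kind described above, and shows the hardened response shape a fixed deployment should return. The sample response, the `ExampleServer/1.0.7` token and the `harden_404` mitigation shape are constructed assumptions, not captured petstore output.

```python
import re

# Constructed sample 404 response modelled on the leak the advisory describes:
# a default-servlet error page carrying the servlet name and a product/version token.
SAMPLE_HEADERS = {"Content-Type": "text/html;charset=utf-8", "Server": "ExampleServer/1.0.7"}
SAMPLE_BODY = """<html><head><title>HTTP Status 404 - Not Found</title></head>
<body><h1>HTTP Status 404 - Not Found</h1>
<p><b>Type</b> Status Report</p>
<p><b>Description</b> The origin server did not find a current representation for the target resource.</p>
<p><b>Servlet</b> default</p>
<hr class="line"/><h3>ExampleServer/1.0.7</h3></body></html>"""

# Product/version token such as "Name/1.2.3" (name may contain spaces, dots, dashes).
VERSION_RE = re.compile(r"\b([A-Za-z][\w .-]*?/\d+(?:\.\d+)+)")
# Servlet name as rendered by a status-report style error page.
SERVLET_RE = re.compile(r"<b>Servlet</b>\s*([\w-]+)", re.I)


def find_404_leaks(headers, body):
    """Return the fingerprint fields a 404 response leaks; empty dict means clean."""
    leaks = {}
    server = headers.get("Server") or headers.get("server")
    if server and "/" in server:  # "Product/version" form leaks the version
        leaks["server_header_version"] = server
    m = SERVLET_RE.search(body)
    if m:
        leaks["servlet_name"] = m.group(1)
    versions = sorted(set(VERSION_RE.findall(body)))
    if versions:
        leaks["body_versions"] = versions
    return leaks


def harden_404(headers, body):
    """Assumed mitigation shape: drop the Server header and serve a static,
    version-free error page instead of the container's default status report."""
    clean = {k: v for k, v in headers.items() if k.lower() != "server"}
    return clean, "<html><body><h1>404 Not Found</h1></body></html>"


if __name__ == "__main__":
    print("leaks before:", find_404_leaks(SAMPLE_HEADERS, SAMPLE_BODY))
    print("leaks after: ", find_404_leaks(*harden_404(SAMPLE_HEADERS, SAMPLE_BODY)))
```

Run the same function against a live response from your own deployment's non-existent path to confirm the 404 page no longer carries a servlet name or version token after upgrading.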