CVE-2025-54314: OS Command Injection
Published Jul 20, 2025
Thor before 1.4.0 can construct an unsafe shell command from library input.
Affected Software
3 affected components · Fixes available
Thor Thor < 1.4.0
rubygems/thor < 1.4.0, fixed in 1.4.0
IBM Aspera Faspex 5 <= 5.0.0 - 5.0.13.1
Event History
Jul 20, 2025
CVE Published via MITRE · 12:00 AM
Data Sourced via MITRE · 12:00 AM: Description, Severity, Weakness
Data Sourced via NVD · 03:15 AM: Description, Severity, Weakness
Advisory Published via GitHub · 03:30 AM
Data Sourced via GitHub · 03:30 AM: Description, Severity, Weakness, Affected Software
Oct 8, 2025
Data Sourced via IBM · 12:00 AM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-54314?
CVE-2025-54314 is classified as a high-severity vulnerability due to the potential for arbitrary command execution.
2. How do I fix CVE-2025-54314?
To fix CVE-2025-54314, update Thor to version 1.4.0 or later.
3. What impact does CVE-2025-54314 have on my system?
CVE-2025-54314 can allow attackers to execute arbitrary shell commands by exploiting unsafe command construction.
4. Which versions of Thor are affected by CVE-2025-54314?
CVE-2025-54314 affects all versions of Thor prior to 1.4.0.
5. Is there a workaround for CVE-2025-54314 if I can't update?
If updating isn't an option, avoid using any features of Thor that construct shell commands from untrusted input.