CVE-2025-0914

EUVD-2025-5451
An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
rapid7CNA
3.8 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
rapid7velociraptor
𝑥
< 0.73.4
CNA
Common Weakness Enumeration
References
https://docs.velociraptor.app/announcements/advisories/cve-2025-0914/