Apache Guacamole
cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*
- >= 0.8.0, <= 1.5.5
A vulnerability exists in the terminal emulator of Apache Guacamole in versions through 1.5.5. The issue arises because the application fails to properly validate console codes received from servers over text-based protocols such as SSH. By sending a specially crafted sequence of console codes, a malicious user with access to a text-based connection could execute arbitrary code with the privileges of the guacd process.
Exploitation of this vulnerability could lead to arbitrary code execution on the server, with the same privileges as the guacd process.
Users are advised to upgrade to Apache Guacamole version 1.6.0 or later, which addresses this vulnerability.
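To find which gateways still need the upgrade, the affected range above can be applied to an inventory of reported versions. The following is an added example, not code from this page or from the Apache Guacamole project; the host names and version strings are constructed, and the banner wording for `gw-01` is an assumption about what a guacd version banner looks like.

```python
import re

# Range as stated on this page: >= 0.8.0, <= 1.5.5; fixed in 1.6.0 or later.
AFFECTED_MIN = (0, 8, 0)
AFFECTED_MAX = (1, 5, 5)
FIXED = (1, 6, 0)

# First x.y.z triple, plus an optional pre-release/build suffix such as "-RC1".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

def parse_version(text):
    """Return ((major, minor, patch), suffix) or None if no x.y.z is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4)

def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, suffix = parsed
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"  # suffixed builds inside the range count as affected
    if version == FIXED and suffix:
        return "unknown"   # the page only vouches for 1.6.0 itself or later
    return "not-affected"

def triage(inventory):
    """Map {host: version string} to {status: sorted list of hosts}."""
    result = {"affected": [], "not-affected": [], "unknown": []}
    for host, text in inventory.items():
        result[classify(text)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "gw-01": "Guacamole proxy daemon (guacd) version 1.5.5",  # assumed banner
    "gw-02": "1.6.0",
    "gw-03": "0.9.14",
    "gw-04": "0.7.4",
    "gw-05": "1.5.0-RC1",
    "gw-06": "built from git",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual check of the installed guacd build before they are treated as fixed.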