NASA Fprime Template Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A template injection vulnerability has been identified in the Dashboard of NASA Fprime version 3.4.3. This vulnerability allows attackers to execute arbitrary code by uploading a specially crafted Vue file. The issue arises because user input is directly inserted into a Vue template without proper sanitization, enabling the execution of malicious scripts.

Impact

Exploitation of this vulnerability allows for remote code execution on the system where Fprime is running, including on spacecraft during missions.

Reproduction

To reproduce this vulnerability, upload a Vue file containing a malicious script payload through the application's file upload feature. Once the file is uploaded, the injected script will execute automatically when the dashboard is loaded, without any user interaction.
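One way to close the gap described above, as an added example that is not part of the original advisory or of F Prime's code: a fail-closed check applied to an uploaded dashboard file before it is ever compiled as a Vue template. The tag and attribute allow-lists are hypothetical placeholders, and the sample inputs are constructed.

```javascript
// Added example, not F Prime code. Allow-lists are hypothetical placeholders.
const ALLOWED_TAGS = new Set(["dashboard-row", "dashboard-box", "channel-table"]);
const ALLOWED_ATTRS = new Set(["title", "color", "fields"]);

// Exactly one token must match at each offset (sticky flag), so nothing is skipped.
// Directive syntax (v-on:x, @x, :x), comments and uppercase tags do not match at all.
const TOKEN = /<\/([a-z][a-z0-9-]*)\s*>|<([a-z][a-z0-9-]*)((?:\s+[a-z][a-z0-9-]*="[^"<>]*")*)\s*(\/?)>|([^<]+)/y;
const ATTR = /([a-z][a-z0-9-]*)="([^"<>]*)"/g;

function validateLayout(source) {
  const errors = [];
  const stack = []; // open elements, to verify nesting
  let pos = 0;
  while (pos < source.length) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(source);
    if (!m) {
      errors.push(`unparseable markup at offset ${pos}`);
      break; // fail closed: anything outside the strict grammar is rejected
    }
    const [, closeName, openName, attrs, selfClose, text] = m;
    if (text !== undefined) {
      // Text nodes are where Vue evaluates {{ expressions }}.
      if (text.includes("{{")) errors.push(`template interpolation at offset ${pos}`);
    } else if (closeName !== undefined) {
      if (stack.pop() !== closeName) errors.push(`mismatched </${closeName}>`);
    } else {
      if (!ALLOWED_TAGS.has(openName)) errors.push(`tag <${openName}> not allowed`);
      for (const [, name, value] of attrs.matchAll(ATTR)) {
        if (!ALLOWED_ATTRS.has(name)) errors.push(`attribute ${name} not allowed`);
        if (value.includes("{{")) errors.push(`interpolation in attribute ${name}`);
      }
      if (!selfClose) stack.push(openName);
    }
    pos = TOKEN.lastIndex;
  }
  if (stack.length) errors.push(`unclosed <${stack[stack.length - 1]}>`);
  return { ok: errors.length === 0, errors };
}

// Constructed samples: one plain layout, then three that must be rejected.
const SAMPLES = [
  '<dashboard-box title="Power"><channel-table fields="Name,Value"/></dashboard-box>',
  '<dashboard-box title="x">{{ 1 + 1 }}</dashboard-box>',
  '<dashboard-box v-html="x"></dashboard-box>',
  '<script>x</script>',
];
for (const s of SAMPLES) console.log(validateLayout(s).ok, s);
```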

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.