CVE-2025-47240
Published May 5, 2025
Last updated 2 days ago
AI description
CVE-2025-47240 involves a remote code execution vulnerability in Fastify view rendering due to untrusted input. An exploit for this vulnerability is publicly available. Another CVE, CVE-2025-47244, describes a vulnerability in Inedo ProGet through 2024.22. It allows remote attackers to access restricted functionality via the C# reflection layer. This can lead to a denial of service by executing a loop that calls RestartWeb, or it can allow attackers to obtain sensitive information. Exploitation is possible if anonymous access is enabled or through a successful CSRF attack.
- Description: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
- Source: cve@mitre.org
- NVD status: Rejected
- Hype score: Not currently trending
CVE-2025-47240: Remote Code Execution via @fastify/view raw rendering PoC https://t.co/cLIK7MtEj6 https://t.co/rbN0Zuo56P
@cyber_advising
4 May 2025
6218 Impressions, 28 Retweets, 104 Likes, 56 Bookmarks, 0 Replies, 0 Quotes
GitHub - Oblivionsage/fastify-cve-2025-47240: PoC and write-up for CVE-2025-47240 — RCE in @fastify/view via EJS raw template injection - https://t.co/XoKG9a7CNN
@piedpiper1616
4 May 2025
2023 Impressions, 16 Retweets, 45 Likes, 11 Bookmarks, 1 Reply, 0 Quotes
Just dropped my first CVE and 0day Remote Code Execution in fastify/view via raw EJS template injection CVE-2025-47240 — full command execution Full PoC & write-up: https://t.co/YOHzAif6Z6 #infosec #bugbounty #CVE #RCE #javascript
@theoblivionsage
3 May 2025
175 Impressions, 0 Retweets, 7 Likes, 0 Bookmarks, 0 Replies, 0 Quotes