CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-28386

A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://openc3.com/
https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/
https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/

Products affected by CVE-2025-28386

Openc3 » Cosmos » Version: 6.0.0

cpe:2.3:a:openc3:cosmos:6.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-28386

Products

Pricing

Contact Us