Fluid Attacks Database

Description

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	emacs	>=0 <1:30.1+1-1	1:30.1+1-1
debian 12	emacs	=1:28.2+1-15 \|\| =1:28.2+1-15+deb12u1 \|\| =1:28.2+1-15+deb12u2 \|\| =1:28.2+1-15+deb12u3 \|\| >=0 <1:28.2+1-15+deb12u4	1:28.2+1-15+deb12u4
debian 13	emacs	>=0 <1:30.1+1-1	1:30.1+1-1
debian 11	emacs	=1:27.1+1-3.1 \|\| =1:27.1+1-3.1+deb11u1 \|\| =1:27.1+1-3.1+deb11u2 \|\| =1:27.1+1-3.1+deb11u3 \|\| =1:27.1+1-3.1+deb11u4 \|\| =1:27.1+1-3.1+deb11u5 \|\| >=0 <1:27.1+1-3.1+deb11u6	1:27.1+1-3.1+deb11u6
rpm rhel6	emacs	-	-
rpm rhel8.8	emacs	<1:26.1-10.el8_8.7	1:26.1-10.el8_8.7
rpm rhel8	emacs	<1:26.1-13.el8_10	1:26.1-13.el8_10
rpm rhel7	emacs	-	-
rpm rhel9	emacs	<1:27.2-11.el9_5.1	1:27.2-11.el9_5.1
rpm rhel9.2	emacs	<1:27.2-8.el9_2.2	1:27.2-8.el9_2.2

1-10 of 11

Aliases

1. CVE-2025-12442. NVD-2025-12443. OSV-DEBIAN-2025-12444. OSV-2025-12445. SECURITY-TRACKER-CVE-2025-1244

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.