LeakyCreds

CVE-2025-15060 - Vulnerability Analysis

Critical, CVSS: 9.8

Last Updated: March 16, 2026

claude-hovercraft - Command Injection

Published: March 16, 2026 | Updated: March 16, 2026 | Remote Exploitable

Overview

claude-hovercraft contains a command injection vulnerability caused by improper validation of user-supplied input in the executeClaudeCode method, which lets remote attackers execute arbitrary code without authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 171.5% (Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code with service account privileges, potentially compromising the system.

Mitigation

Update to the latest version of claude-hovercraft.

Social Media Activity (1 post)

ZEN SecDB
@secdb
Mar 23, 2026

📈 CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1444

Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152

Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182

Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23

Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15

Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)

Details

CVE ID: CVE-2025-15060
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: unconfirmed
EPSS: 171.5%
Social Posts: 1

CWE

  • CWE-78

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

171.5% (Probability of exploitation in the next 30 days)