Home / Vulnerability Intelligence / CVE-2025-41368

CVE-2025-41368 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 26, 2026

Small HTTP Server - Remote Code Execution

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

Small HTTP Server 3.06.36 contains an unquoted service path vulnerability caused by improper quoting of the executable path, letting local attackers execute arbitrary code by placing malicious executables in higher priority directories, exploit requires local access.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Local attackers can execute arbitrary code, leading to unauthorized system access or service disruption.

Mitigation

Properly quote the service path and apply the latest security patches.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-small-http-server-smallsrv

Related Resources

Details

CVE ID: CVE-2025-41368
Severity: High
CVSS Score: 8.1
Type: undefined
Status: confirmed

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N