Home / Vulnerability Intelligence / CVE-2025-69219

CVE-2025-69219 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 10, 2026

Triggerer - Command Injection

Published: March 9, 2026Updated: March 10, 2026PoC AvailableRemote Exploitable

Overview

Triggerer contains a command injection caused by crafted database entries, letting users with database access execute code with Dag Author permissions, exploit requires direct database access.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 5.1%(Probability of exploitation in next 30 days)

Impact

Users with database access can execute code with elevated Dag Author permissions, potentially leading to privilege escalation.

Mitigation

Upgrade to version 6.0.0.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 9, 2026

🟠 CVE-2025-69219 - High (8.8) A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airfl... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69219/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(2 repos)

Related Resources

Details

CVE ID: CVE-2025-69219
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: confirmed
EPSS: 5.1%
Social Posts: 1

CWE

CWE-913

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.1%Probability of exploitation in the next 30 days