7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-61141

GHSA ID

GHSA-f9f4-5859-29mf

EPSS Score

0.78565%

CWE

CWE-77

Published

10/30/2025

Updated

10/31/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-61141

CVE-2025-61141: sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.

This issue has been patched via commit https://github.com/sqls-server/sqls/commit/468a23fc89af89f632cc023a10c031e4bc781797.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-61141

CVE-2025-61141:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-61141

GHSA ID

GHSA-f9f4-5859-29mf

EPSS Score

0.78565%

CWE

CWE-77

Published

10/30/2025

Updated

10/31/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/sqls-server/sqls	go	= 0.2.28

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the openEditor function in main.go. The function was responsible for opening the configuration file in an editor. The vulnerability was introduced by the use of exec.Command("sh", "-c", command), which passes the command to the shell for execution. The command variable was constructed by concatenating the editor program (from the EDITOR environment variable) and the file path. An attacker could set a malicious EDITOR environment variable (e.g., vim; id) to execute arbitrary commands. The patch fixes this by using exec.Command(program, args...), which executes the program directly without a shell, thus preventing command injection.

Vulnerable functions

openEditor

main.go

The `openEditor` function was vulnerable to command injection because it used `exec.Command("sh", "-c", ...)` to execute an external editor. The `program` argument, which is derived from the `EDITOR` environment variable, was concatenated with other arguments and passed to the shell. This allowed an attacker to control the `EDITOR` environment variable to execute arbitrary commands.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-61141: sqls-server/sqls is vulnerable to command injection in the config command

CVE-2025-61141:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-61141: sqls-server/sqls is vulnerable to command injection in the config command

Basic Information

Basic Information

7.5

7.5

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI