CVE-2025-6281 Gotenberg ExifTool stdin Argument Injection via Metadata Newlines

ExifTool stdin Parameter Injection Vulnerability Summary Vulnerability Overview Vulnerability Name: ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix in v8.30.1) CVE ID: CVE-2025-6281 Severity: Critical (10.0 / 10) Root Cause: In version v8.30.1, although security filtering was introduced for metadata keys ( ), metadata values were still passed directly to without sanitization. When a value contains a newline character , it is parsed by as two separate arguments, allowing the injection of arbitrary ExifTool pseudo-tags (such as , , , etc.), resulting in command injection. Impact Scope Affected Versions: v8.30.1 and below. Attacker Privileges: Unauthenticated. Specific Impacts: 1. File Renaming/Moving: Moving the PDF being processed to any path within the container's file system. 2. Overwriting Arbitrary Files: For example, overwriting via or , thereby corrupting the system user database. 3. Creating Symbolic Links: Creating symbolic links to arbitrary paths via , enabling subsequent read/write operations. 4. Creating Hard Links: Persisting data via , bypassing temporary directory cleanup. Remediation Fixed Version: v8.31.0 Code Fix Logic: In the function, apply the same validation logic used for keys to metadata values, or escape/percent-encode newline characters before passing them to . POC Code (Steps to Reproduce) 1. Start Gotenberg: 2. Create Test PDF: 3. Inject via Value Newline (Filename Injection): 4. Verify Injection (Inside Container): 5. Symbolic Link Injection (Symlink Injection):**

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-6281 Gotenberg ExifTool stdin Argument Injection via Metadata Newlines

More from this source