Tag
An authenticated OS command injection vulnerability, CVE-2025-30007, in HestiaCP before version 1.9.5 allows low-privilege users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types, leading to full root code execution on the underlying host.