Advisories » MGASA-2026-0138

Updated awstats packages fix security vulnerability

Publication date: 15 May 2026
Modification date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-63261

Description

AWStats is vulnerable to Command Injection via the open function.
(CVE-2025-63261)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35407
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP4DGW2LGHINXKYPZWR2WJ5DMROGGO66/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261

SRPMS

9/core

• awstats-7.9-1.1.mga9