Fix for CVE-2025-13447

Fixed a command injection Remote Code Execution (RCE) vulnerability in the User Interface (UI) and in the Application Programming Interface (API) commands listed below, which have been updated to prevent unintended execution of remote commands:

  • Add an API key (addapikey)
  • Delete an API key (delapikey)
  • Delete a certificate (delcert)
  • List API keys (listapikeys)

For further information, refer to the CVE details.

Fix for CVE-2025-13444

Fixed a command injection Remote Code Execution (RCE) vulnerability in the cipher set UI and getcipherset API command. These have been updated to prevent unintended execution of remote commands. For further information, refer to the CVE details.