Main Vulnerability Database Exploits ID:12356 - Exploit for Improper Neutralization of Argument Delimiters in a Command in Apache bRPC - CVE-2025-60021

ID:12356 - Exploit for Improper Neutralization of Argument Delimiters in a Command in Apache bRPC - CVE-2025-60021

Published: February 6, 2026

Vulnerability identifier: #VU121614

Vulnerability risk: Medium

CVE-ID: CVE-2025-60021

CWE-ID: CWE-88

Exploitation vector: Remote access

Vulnerable software:
Apache bRPC

Link to public exploit:

https://github.com/Mefhika120/Ashwesker-CVE-2025-60021

Vulnerability description

The vulnerability allows a remote user to execute arbitrary OS commands on the system.

The vulnerability exists due to improper input validation within the bRPC heap profiler built-in service (/pprof/heap). A remote user can pass specially crafted input via the extra_options parameter and executes it as a command-line argument.

Remediation

Install updates from vendor's website.

ID:12356 - Exploit for Improper Neutralization of Argument Delimiters in a Command in Apache bRPC - CVE-2025-60021

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human