A critical OS command injection vulnerability in Termix allows authenticated users to execute arbitrary commands on connected remote hosts.

The GET /ssh/file_manager/ssh/resolvePath endpoint fails to properly sanitize input for shell command construction. An authenticated user with an active File Manager SSH session can bypass quote escaping to inject and execute arbitrary OS commands on the connected remote host.

This vulnerability carries a CVSS score of 9.9, indicating an extremely high risk of full system compromise. Successful exploitation allows an attacker to gain remote code execution capabilities on the host infrastructure, potentially leading to total data exfiltration, lateral movement, or complete system takeover.

Immediate Action: Upgrade the Termix platform to version 2.3.2 or later immediately.

Proactive Monitoring: Review access logs for anomalous command patterns or unexpected shell executions originating from the File Manager SSH session context.

Compensating Controls: Implement strict session monitoring and restrict access to the File Manager SSH functionality to only essential administrative personnel.

Public Exploit Available: False

The severity of this flaw necessitates an immediate upgrade to version 2.3.2. Organizations should treat this as a high-priority incident, as the vulnerability effectively grants command-line access to the underlying infrastructure for any user with a valid session.