CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

References

https://www.opensourcepos.org

https://github.com/opensourcepos/opensourcepos/pull/4357

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70093.md