VYPR
Unrated severityNVD Advisory· Published Mar 24, 2026· Updated Mar 24, 2026

Command Execution vulnerability in Simplicity Installer

CVE-2025-11571

Description

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the same network.

Affected products

2
  • silabs.com/Simplicity Installer tool (Silicon Labs Tool - SLT) for Simplicity Studio v6v5
    Range: 0
  • silabs.com/Simplicity Studio v5v5
    Range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.