Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Feb 4, 2026
Authenticated Remote Code Execution via the file name of an uploaded file
CVE-2025-59818
Description
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
Affected products
1- Zenitel/TCIS-3+v5Range: <9.2.3.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdfmitrevendor-advisory
- wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notesmitrerelease-notes
- wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notesmitrerelease-notes
- wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notesmitrerelease-notes
- wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notesmitrerelease-notes
- wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notesmitrerelease-notes
News mentions
0No linked articles in our index yet.