Critical severity10.0NVD Advisory· Published Nov 26, 2025· Updated Apr 15, 2026

CVE-2025-64126

Description

An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.jsonnvd
wiki.zenitel.com/wiki/Downloadsnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-329-03nvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000