Critical severity10.0NVD Advisory· Published Nov 26, 2025· Updated Apr 15, 2026

CVE-2025-64127

Description

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.jsonnvd
wiki.zenitel.com/wiki/Downloadsnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-329-03nvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000