Critical severity10.0NVD Advisory· Published Nov 26, 2025· Updated Apr 15, 2026

CVE-2025-64128

Description

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.jsonnvd
wiki.zenitel.com/wiki/Downloadsnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-329-03nvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000