Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 2, 2026
Copeland XWEB and XWEB Pro OS Command Injection
CVE-2026-25037
Description
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Copeland/Copeland XWEB 300D PROv5Range: 0
- Copeland/Copeland XWEB 500B PROv5Range: 0
- Copeland/Copeland XWEB 500D PROv5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.