TCIV-3+
by Zenitel
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64130 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. | ||
| CVE-2025-64129 | Hig | 0.49 | 7.6 | 0.00 | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. | ||
| CVE-2025-59818 | 0.00 | — | 0.00 | Feb 4, 2026 | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. | |||
| CVE-2025-64091 | 0.00 | — | 0.00 | Jan 9, 2026 | This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | |||
| CVE-2025-64090 | 0.00 | — | 0.00 | Jan 9, 2026 | This vulnerability allows authenticated attackers to execute commands via the hostname of the device. |
- risk 0.64cvss 9.8epss 0.01
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
- risk 0.49cvss 7.6epss 0.00
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
- CVE-2025-59818Feb 4, 2026risk 0.00cvss —epss 0.00
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
- CVE-2025-64091Jan 9, 2026risk 0.00cvss —epss 0.00
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
- CVE-2025-64090Jan 9, 2026risk 0.00cvss —epss 0.00
This vulnerability allows authenticated attackers to execute commands via the hostname of the device.