Zenitel
Products
4- 4 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64130 | Cri | 0.64 | 9.8 | 0.00 | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. | ||
| CVE-2025-59814 | Hig | 0.57 | 8.8 | 0.00 | Sep 25, 2025 | This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database. | ||
| CVE-2025-59815 | Hig | 0.55 | 8.4 | 0.00 | Sep 25, 2025 | This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity. | ||
| CVE-2025-64129 | Hig | 0.49 | 7.6 | 0.00 | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. | ||
| CVE-2025-59816 | Hig | 0.47 | 7.3 | 0.00 | Sep 25, 2025 | This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue. | ||
| CVE-2025-64093 | 0.00 | — | 0.00 | Jan 9, 2026 | Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | |||
| CVE-2025-64092 | 0.00 | — | 0.00 | Jan 9, 2026 | This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. |
- risk 0.64cvss 9.8epss 0.00
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
- risk 0.57cvss 8.8epss 0.00
This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database.
- risk 0.55cvss 8.4epss 0.00
This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity.
- risk 0.49cvss 7.6epss 0.00
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
- risk 0.47cvss 7.3epss 0.00
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue.
- CVE-2025-64093Jan 9, 2026risk 0.00cvss —epss 0.00
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
- CVE-2025-64092Jan 9, 2026risk 0.00cvss —epss 0.00
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.