CVE-2025-10589

Summary

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Affected Software

VendorProductVersion RangeStatus
N-PartnerN-Reporter6 < 6.1.187affected
N-PartnerN-Reporter7 < 7.0.009affected
N-PartnerN-Cloud6 < 6.1.187affected
N-PartnerN-Cloud7 < 7.0.009affected
N-PartnerN-Probe6 < 6.1.187affected
N-PartnerN-Probe7 < 7.0.009affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References