CVE-2025-2071

Summary

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

Affected Software

VendorProductVersion RangeStatus
FAST LTAFAST LTA Silent Brick WebUIWebUI Release 2.45 (Linux 5.4.109-gentoo-FAST) < 2.63.04affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References