CVE-2025-5113

Summary

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.

Affected Software

VendorProductVersion RangeStatus
Diviotecnbr222p0 <= 2.0170.3030affected
Diviotecnbr222pv0 <= 2.0170.3030affected
Diviotecnbr224p0 <= 2.0170.3030affected
Diviotecnbr225p0 <= 2.0170.3030affected
Diviotecnbr226p0 <= 2.0170.3030affected
Diviotecnbf232p0 <= 2.0170.3030affected
Diviotecnbf233p0 <= 2.0170.3030affected
Diviotecndr252p0 <= 2.0170.3030affected
Diviotecndr255p0 <= 2.0170.3030affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References