CVE-2025-5145

Summary

A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
NetcoreNBR1005GPEV220250508affected
NetcoreB6V220250508affected
NetcoreCOVER520250508affected
NetcoreNAP83020250508affected
NetcoreNAP93020250508affected
NetcoreNBR100V220250508affected
NetcoreNBR200V220250508affected
NetcorePOWER1320250508affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References