CVE-2025-64126

Summary

An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
ZenitelTCIV-3+0 <= 9.3.3.0affected

Weaknesses

  • CWE-78: CWE-78

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References