CVE-2025-64127

Summary

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.

Affected Software

VendorProductVersion RangeStatus
ZenitelTCIV-3+0 <= 9.3.3.0affected

Weaknesses

  • CWE-78: CWE-78

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References