CVE-2025-64128

Summary

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
ZenitelTCIV-3+0 <= 9.3.3.0affected

Weaknesses

  • CWE-78: CWE-78

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References