CVE-2025-57431 · HIGH 8.8 · EPSS p24.0%

Description

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 24.0% · 2026-06-19T12:03:05Z
Published: 2025-09-22
Last modified: 2025-10-14

Underlying weaknesses · 1

CWE-494

References

  1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57431
  2. https://www.sound4.com

Type | Target | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-53520
CVE-2025-50475
CVE-2025-48469
CVE-2025-56577
CVE-2025-0592
CVE-2025-41651

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.