CVE-2025-59815HIGH 8.4EPSS p15.5%

CVE-2025-59815CVE-2025-59815

Description

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity.

Scoring

CVSS 3.18.4 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.24% probability of exploitation · percentile 15.5% · 2026-06-18T12:00:27Z
Published2025-09-25
Last modified2026-04-15

Underlying weaknesses· 1

CWE-77

References

  1. https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System
  2. https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in a Command ('Command Injection')cwe-770%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-59814
CVE
CVE-2025-8693
CVE
Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVE
CVE-2025-0593
CVE
CVE-2025-59817
CVE
CVE-2025-28231
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.