CVE-2025-63213 · CRITICAL 9.8 · EPSS p50.9%

Description

The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.77% probability of exploitation · percentile 50.9% · 2026-06-18T12:00:27Z
Published: 2025-11-19
Last modified: 2026-01-15

Underlying weaknesses · 1

CWE-20

References

  1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63213_QVidium%20Opera11%20RCE
  2. https://qvidium.tv/
  3. https://undercodetesting.com/zero-day-vulnerabilities-discovered-in-qvidium-opera11-remote-code-execution-rce-exploit/

Type · Target · Confidence · Tier
Weakness · Improper Input Validation (cwe-20) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-29534
  2. CVE-2026-25109
  3. CVE-2025-56123
  4. CVE-2026-25111
  5. CVE-2025-25053
  6. CVE-2025-11142

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.