CVE-2025-64128 · CRITICAL 10.0 · EPSS p80.1%

CVE-2025-64128

Description

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.19% probability of exploitation · percentile 80.1% · 2026-06-19T12:03:05Z
Published: 2025-11-26
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-78

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json
  2. https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03

Type: Weakness
Target: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-64127
CVE-2025-64126
CVE-2025-37162
CVE-2025-55055
CVE-2025-12556
CVE-2025-6542
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.