CVE-2025-2071

CRITICAL EPSS 55.3%

Published Mar 31, 20251y ago · Modified Jun 17, 20261w ago

10.0 CVSS 4.0

Critical

Published Mar 31, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

CVSS Details

Base Score

10.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:M/U:Amber

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope P

Threat Intelligence

EPSS Exploit Probability

55.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

References 1

fast-lta.de https://www.fast-lta.de/de/fast/silent-bricks-software-2-63

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.