CVE-2025-5145

LOW EPSS 66.6%

Published May 25, 20251y ago · Modified Jun 17, 20261w ago

2.1 CVSS 4.0

Low

Published May 25, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Details

Base Score

2.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

66.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-74

CWE-77 Command Injection Injection

References 5

anonymous.4open.science https://anonymous.4open.science/r/netcore_unauth-7D2E
github.com https://github.com/Exploo0Osion/netcore_unauth
vuldb.com https://vuldb.com/?ctiid.310233
vuldb.com https://vuldb.com/?id.310233
vuldb.com https://vuldb.com/?submit.573492

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.