CVE-2025-14213

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.

CVSS

No CVSS.

References

Link	Resource
https://support.catonetworks.com/hc/en-us/articles/33184937283357-CVE-2025-14213-Socket-WebUI-OS-Command-Injection

Configurations

No configuration.

History

31 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-31 12:16

Updated : 2026-04-01 14:24

NVD link : CVE-2025-14213

Mitre link : CVE-2025-14213

CVE.ORG link : CVE-2025-14213

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-14213", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "2505284f-8ffb-486c-bf60-e19c1097a90b", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-31T12:16:26.813", "references": [{"url": "https://support.catonetworks.com/hc/en-us/articles/33184937283357-CVE-2025-14213-Socket-WebUI-OS-Command-Injection", "source": "2505284f-8ffb-486c-bf60-e19c1097a90b"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "2505284f-8ffb-486c-bf60-e19c1097a90b", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Cato Networks\u2019 Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket\u2019s internal system."}], "lastModified": "2026-04-01T14:24:02.583", "sourceIdentifier": "2505284f-8ffb-486c-bf60-e19c1097a90b"}

CVE-2025-14213

JSON object

Attach tags to CVE-2025-14213

Attach tags to `CVE-2025-14213`