CVE-2025-2071

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

CVSS

No CVSS.

References

Link	Resource
https://www.fast-lta.de/de/fast/silent-bricks-software-2-63

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad crítica de inyección de comandos del sistema operativo en la interfaz web de FAST LTA Silent Brick, que permite a atacantes remotos ejecutar comandos arbitrarios del sistema operativo mediante una entrada especialmente manipulada. Esta vulnerabilidad surge debido a la gestión inadecuada de entradas no confiables, que se pasan directamente a comandos del sistema sin la debida limpieza ni validación. Una explotación exitosa podría permitir a los atacantes ejecutar comandos arbitrarios en el sistema afectado, lo que podría resultar en acceso no autorizado, fuga de datos o la vulneración total del sistema. Los parámetros de la interfaz web afectados son "hd" y "pi".

31 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-31 09:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2071

Mitre link : CVE-2025-2071

CVE.ORG link : CVE-2025-2071

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-2071", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-31T09:15:14.807", "references": [{"url": "https://www.fast-lta.de/de/fast/silent-bricks-software-2-63", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are \"hd\" and \"pi\"."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad cr\u00edtica de inyecci\u00f3n de comandos del sistema operativo en la interfaz web de FAST LTA Silent Brick, que permite a atacantes remotos ejecutar comandos arbitrarios del sistema operativo mediante una entrada especialmente manipulada. Esta vulnerabilidad surge debido a la gesti\u00f3n inadecuada de entradas no confiables, que se pasan directamente a comandos del sistema sin la debida limpieza ni validaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir a los atacantes ejecutar comandos arbitrarios en el sistema afectado, lo que podr\u00eda resultar en acceso no autorizado, fuga de datos o la vulneraci\u00f3n total del sistema. Los par\u00e1metros de la interfaz web afectados son \"hd\" y \"pi\"."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}