CVE-2025-14705
Published: 15 December 2025
Summary
CVE-2025-14705 is a critical-severity Injection (CWE-74) vulnerability in Sgwbox N3 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates command injection by requiring validation and sanitization of the 'params' argument in the SHARESERVER feature before processing.
Requires identification, reporting, and correction of flaws like this command injection vulnerability through timely patching or workarounds.
Enforces boundary protection to monitor and control network communications to the vulnerable SHARESERVER feature, blocking remote unauthenticated access.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote command injection via SHARESERVER params in web interface enables exploitation of public-facing application (T1190), Unix shell command execution (T1059.004), and indirect command execution (T1202 as assigned in advisory).
NVD Description
A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed…
more
and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-14705 is a command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25. It affects an unknown function within the SHARESERVER feature, where manipulation of the "params" argument triggers the injection. The issue aligns with CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), and it was published on 2025-12-15.
Remote attackers can exploit this vulnerability without authentication or user interaction, requiring only network access and low attack complexity, as indicated by the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8). Successful exploitation enables arbitrary command execution, potentially leading to high impacts on confidentiality, integrity, and availability of the affected system.
VulDB advisories note that the exploit has been publicly disclosed and may be utilized, with references including detailed entries at vuldb.com/?ctiid.336422 and a Notion page on the sgwbox NAS N3 command injection. The vendor was contacted early about the disclosure but provided no response, and no patches or mitigations are detailed in the available references.
Details
- CWE(s)