Cyber Resilience

CVE-2025-15137

HighPublic PoCRCE

Published: 28 December 2025

Published
28 December 2025
Modified
07 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.1035 95.1th percentile
Risk Priority 60 floored blend · peak EPSS

Summary

CVE-2025-15137 is a high-severity Injection (CWE-74) vulnerability in Trendnet Tew-800Mb Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-15137 is a command injection vulnerability (CWE-74, CWE-77) in the TRENDnet TEW-800MB firmware version 1.0.1.0. The issue resides in the sub_F934 function within the NTPSyncWithHost.cgi file, where improper input handling allows manipulation leading to arbitrary command execution.

Attackers with low privileges (PR:L) can exploit this remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored 8.8 by CVSS 3.1. Successful exploitation enables full system compromise on affected devices.

VulDB advisories note that the vendor was contacted early about the disclosure but provided no response or patches. The exploit is public and available for use, with details in references including https://pentagonal-time-3a7.notion.site/TRENDnet-TEW-800MB-NTP-2c7e5dd4c5a580f999adcaff2c31978b and https://vuldb.com/?ctiid.338515.

No real-world exploitation in the wild has been reported, but the public exploit availability heightens risk for unpatched TRENDnet TEW-800MB devices.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be…

more

used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Why these techniques?

Command injection in public-facing CGI script enables exploitation of public-facing application (T1190) and arbitrary command execution on network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15136Same product: Trendnet Tew-800Mb
CVE-2026-5183Same vendor: Trendnet
CVE-2026-5355Same vendor: Trendnet
CVE-2026-5351Same vendor: Trendnet
CVE-2026-5353Same vendor: Trendnet
CVE-2026-5184Same vendor: Trendnet
CVE-2025-15139Same vendor: Trendnet
CVE-2026-10061Same vendor: Trendnet
CVE-2026-10060Same vendor: Trendnet
CVE-2024-57590Same vendor: Trendnet

Affected Assets

trendnet
tew-800mb firmware
1.0.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents command injection by requiring validation of inputs to the vulnerable sub_F934 function in NTPSyncWithHost.cgi.

prevent

Requires timely remediation of the known command injection flaw through firmware patching, updates, or device replacement.

detect

Vulnerability scanning and monitoring identifies the publicly disclosed command injection vulnerability in the NTP CGI script.

References