Cyber Resilience

CVE-2025-1536

Medium

Published: 21 February 2025

Published
21 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0043 63.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1536 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability identified as CVE-2025-1536 exists in Raisecom Multi-Service Intelligent Gateway versions up to 20250208. It resides in the Request Parameter Handler component within the file /vpn/vpn_template_style.php, where manipulation of the stylenum argument enables operating system command injection. The issue is rated critical with a CVSS score of 6.9 and is associated with CWE-77 and CWE-78.

The flaw can be exploited remotely by unauthenticated attackers who supply crafted input to the affected parameter, allowing execution of arbitrary operating system commands on the gateway. Public exploit code has been released, increasing the potential for misuse against exposed devices.

No vendor patch or mitigation guidance is available, as Raisecom was notified prior to disclosure but provided no response.

The associated EPSS score rose from a low baseline to a peak of 0.0223 on 2026-03-08 before receding to its current value of 0.0043, indicating a period of increased exploitation interest following public release of the details.

EU & UK References

Vulnerability details

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpn_template_style.php of the component Request Parameter Handler. The manipulation of the argument stylenum leads…

more

to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in a public-facing web component directly enables remote exploitation of an internet-facing application (T1190) leading to arbitrary command execution via a command interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-59736Shared CWE-77, CWE-78
CVE-2025-44015Shared CWE-77, CWE-78
CVE-2025-59740Shared CWE-77, CWE-78
CVE-2026-4585Shared CWE-77, CWE-78
CVE-2026-7698Shared CWE-77, CWE-78
CVE-2026-1544Shared CWE-77, CWE-78
CVE-2025-15501Shared CWE-77, CWE-78
CVE-2026-9452Shared CWE-77, CWE-78
CVE-2026-4170Shared CWE-77, CWE-78
CVE-2026-7062Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 requires information input validation at entry points like the stylenum parameter in /vpn/vpn_template_style.php, directly preventing OS command injection exploitation.

prevent

SI-2 mandates timely flaw remediation, including patching or compensating controls for this known critical command injection vulnerability in the Request Parameter Handler.

prevent

SI-9 enforces restrictions on information inputs to the vulnerable component, limiting the stylenum argument to safe types and formats to block injection payloads.

References