CVE-2025-1536

High

Published: 21 February 2025

Published

21 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0043 62.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1536 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 requires information input validation at entry points like the stylenum parameter in /vpn/vpn_template_style.php, directly preventing OS command injection exploitation.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely flaw remediation, including patching or compensating controls for this known critical command injection vulnerability in the Request Parameter Handler.

SI-9 Information Input Restrictions partial match

prevent

SI-9 enforces restrictions on information inputs to the vulnerable component, limiting the stylenum argument to safe types and formats to block injection payloads.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

OS command injection in a public-facing web component directly enables remote exploitation of an internet-facing application (T1190) leading to arbitrary command execution via a command interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpn_template_style.php of the component Request Parameter Handler. The manipulation of the argument stylenum leads…

to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-1536 is a critical OS command injection vulnerability (CWE-77, CWE-78) in Raisecom Multi-Service Intelligent Gateway versions up to 20250208. It affects unknown code in the file /vpn/vpn_template_style.php within the Request Parameter Handler component, where manipulation of the stylenum argument enables command injection.

The vulnerability is exploitable remotely by unauthenticated attackers with low complexity (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, score 7.3). Successful exploitation allows limited impacts on confidentiality, integrity, and availability through arbitrary OS command execution.

VulDB advisories detail the issue and note that the exploit has been publicly disclosed on GitHub, where it may be actively used. The vendor was contacted early regarding disclosure but provided no response, and no patches or specific mitigations are mentioned in available references.

Details

CWE(s): CWE-77 CWE-78

CVEs Like This One

CVE-2025-1676Shared CWE-77, CWE-78

CVE-2026-2184Shared CWE-77, CWE-78

CVE-2026-5973Shared CWE-77, CWE-78

CVE-2025-59740Shared CWE-77, CWE-78

CVE-2026-4585Shared CWE-77, CWE-78

CVE-2026-4170Shared CWE-77, CWE-78

CVE-2026-2952Shared CWE-77, CWE-78

CVE-2025-1546Shared CWE-77, CWE-78

CVE-2026-7590Shared CWE-77, CWE-78

CVE-2026-5972Shared CWE-77, CWE-78

References

https://github.com/koishi0x01/CVE/blob/main/CVE_1.md
cna@vuldb.com
https://vuldb.com/?ctiid.296476
cna@vuldb.com
https://vuldb.com/?id.296476
cna@vuldb.com
https://vuldb.com/?submit.497021
cna@vuldb.com