CVE-2025-20016

Severity: High · Impact: RCE

Published: 14 January 2025
Modified: 15 April 2026
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0071 (72.8th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20016 is a high-severity OS Command Injection (CWE-78) vulnerability in Jvn (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-20016 is an OS command injection vulnerability, tracked under CWE-78, that affects the web management interface of Y'S corporation STEALTHONE D220, D340, and D440 network storage servers. The flaw permits an authenticated administrator to supply crafted input that results in execution of arbitrary operating-system commands on the underlying host.

An attacker who already possesses administrative credentials and network access to the management page can leverage the injection to achieve full control over the affected appliance, including the ability to read, modify, or delete data and to alter system behavior. The reported CVSS 7.2 score reflects the high impact across confidentiality, integrity, and availability when the required administrative privileges are present.

Vendor advisories referenced in JVN VU99653331 and the STEALTHONE firmware release notes indicate that the issue is addressed by applying the updated firmware versions D220/D340 v6-03-03 or D440 v7-00-11. Administrators are advised to install these releases and restrict management-interface exposure.

The EPSS score rose from a low baseline to a peak of 0.0207 on 2025-12-11 before receding to its current value of 0.0071, indicating a measurable but temporary increase in exploitation interest after public disclosure. No confirmed in-the-wild exploitation has been reported.

Vulnerability details

An OS command injection vulnerability exists in the network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. A user with administrative privilege who has logged in to the web management page of the affected product may execute arbitrary OS commands.

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

OS command injection in the public-facing web management interface directly enables exploitation of the application (T1190) and arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-42454 (shared CWE-78)
- CVE-2026-34796 (shared CWE-78)
- CVE-2024-57016 (shared CWE-78)
- CVE-2025-50475 (shared CWE-78)
- CVE-2024-57015 (shared CWE-78)
- CVE-2026-36828 (shared CWE-78)
- CVE-2024-57595 (shared CWE-78)
- CVE-2026-25196 (shared CWE-78)
- CVE-2024-50566 (shared CWE-78)
- CVE-2026-23592 (shared CWE-78)

Affected Assets

Jvn (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

- SI-2 Flaw Remediation (prevent): Directly mitigates CVE-2025-20016 by requiring timely application of vendor firmware updates that remediate the OS command injection vulnerability in the web management interface.
- SI-10 Information Input Validation (prevent): Prevents exploitation of the OS command injection vulnerability by validating and sanitizing user inputs submitted via the web management page.
- Least-privilege control (prevent): Reduces the impact of successful command injection by enforcing least privilege on the processes handling web management requests, limiting arbitrary OS command execution.