CVE-2025-22939
Published: 31 March 2025
Summary
CVE-2025-22939 is a critical-severity Command Injection (CWE-77) vulnerability in Adtran 411 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 9.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
A command injection vulnerability exists in the telnet service of Adtran 411 ONT devices running firmware L80.00.0011.M2. The flaw, tracked as CVE-2025-22939 and assigned CWE-77, permits unauthenticated remote attackers to inject and execute operating system commands. It carries a CVSS 3.1 score of 9.8, reflecting network attack vector, low complexity, and full impact on confidentiality, integrity, and availability.
An attacker with network access to the telnet service can exploit the injection to escalate privileges directly to root and run arbitrary commands on the device. No user interaction or credentials are required, enabling straightforward remote compromise of affected ONT units deployed in ISP environments.
Public references, including technical write-ups and demonstration material, document the issue but do not include vendor-issued patches or official mitigation guidance. The EPSS score rose from lower values to a peak of 0.1822 before receding to the current 0.0541, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8765
Vulnerability details
A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the exposed telnet service directly enables remote, unauthenticated arbitrary command execution on a Unix-based device, along with escalation to root.
Mitigating Controls (NIST 800-53 r5)
Timely remediation of the command injection flaw via firmware patching directly prevents exploitation of CVE-2025-22939 in the Adtran 411 ONT telnet service.
Validating all inputs to the telnet service blocks specially crafted payloads that enable command injection and root escalation.
Prohibiting or restricting the telnet service enforces least functionality, eliminating network exposure to this unauthenticated remote vulnerability.