Cyber Posture

CVE-2025-24499

High

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0024 46.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24499 is a high-severity Improper Input Validation (CWE-20) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the improper input validation flaw during configuration file loading, preventing authenticated attackers from executing arbitrary shell commands.

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation through firmware upgrades to V3.0.0 or later, eliminating the vulnerability as recommended by the Siemens advisory.

AC-6 Least Privilege partial match
prevent

Enforces least privilege for high-privilege accounts required for exploitation, limiting the ability to load malicious configurations or the impact of command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

The vulnerability enables remote exploitation of a public-facing network device (wireless AP) via improper input validation in config file loading, directly resulting in arbitrary Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All…

more

versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device.

Deeper analysisAI

CVE-2025-24499 is a vulnerability in multiple Siemens SCALANCE wireless access points and modules, including SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0 and variants for ME and US), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0 and variants including EEC, ME, and US), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0 and iFeatures variant), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0, 3DA0, and US variants), and SCALANCE WUM766-1 (6GK5766-1GE00-3DA0 and variants for ME and USA), all versions prior to V3.0.0. The flaw arises from improper input validation during the loading of configuration files (CWE-20), earning a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Attackers require high privileges (PR:H) and network access (AV:N) to exploit this remotely with low complexity (AC:L) and no user interaction (UI:N). Exploitation enables execution of arbitrary shell commands on the device, granting high-impact control over confidentiality, integrity, and availability (C:H/I:H/A:H) in an unchanged scope (S:U).

Siemens advisory SSA-769027 (https://cert-portal.siemens.com/productcert/html/ssa-769027.html) confirms the issue and advises upgrading all affected products to V3.0.0 or later as the primary mitigation.

Details

CWE(s)
CWE-20

Affected Products

All
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-30452Shared CWE-20
CVE-2026-34980Shared CWE-20
CVE-2024-56135Shared CWE-20
CVE-2026-32604Shared CWE-20
CVE-2025-63213Shared CWE-20
CVE-2025-14558Shared CWE-20
CVE-2025-66259Shared CWE-20
CVE-2024-56133Shared CWE-20
CVE-2024-56131Shared CWE-20
CVE-2026-24504Shared CWE-20

References