CVE-2025-26003
Published: 26 March 2025
Summary
CVE-2025-26003 is a critical-severity Code Injection (CWE-94) vulnerability in Telesquare Tlr-2005Ksh Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 25.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates CVE-2025-26003 by requiring timely remediation of the command injection flaw in the admin.cgi setAutorest parameter through patches or updates.
- SI-10 (Information Input Validation): prevents command injection exploitation in CVE-2025-26003 by validating and sanitizing the setAutorest parameter to block malicious command payloads.
- Access controls: block unauthorized requests to the vulnerable admin.cgi setAutorest endpoint, reducing the risk of unauthenticated command execution.
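As an added defensive example that is not from the page or the referenced advisory, the following Python scans web-server access-log lines for requests that reach admin.cgi with a setAutorest value containing shell metacharacters, which is the detection counterpart of the SI-10 input-validation control above. The common log format, the /cgi-bin/ path prefix and the sample lines are constructed assumptions; an access log only shows GET query strings, so POST bodies would need a proxy or WAF log.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that have no business in a plain setting value but do in a
# shell command line: command separators, pipes, substitution, newlines.
INJECTION_PATTERN = re.compile(r"[;|&`$\n\r]")

# Common-log-format line; constructed assumption about the device's logging.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; the /cgi-bin/ prefix is an assumption.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Mar/2025:10:15:01 +0000] '
    '"GET /cgi-bin/admin.cgi?setAutorest=1%3Bid HTTP/1.1" 200 512',
    '192.0.2.10 - - [26/Mar/2025:10:15:03 +0000] '
    '"GET /cgi-bin/admin.cgi?setAutorest=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Mar/2025:10:15:07 +0000] '
    '"GET /cgi-bin/status.cgi HTTP/1.1" 200 128',
]

def analyse_request(target):
    """None unless target is admin.cgi with setAutorest; else a finding dict."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin.cgi"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "setAutorest" not in params:
        return None
    severity = "info"  # reaching the endpoint at all is worth recording
    for raw in params["setAutorest"]:
        # parse_qs decoded once; a second pass exposes double-encoded values
        if INJECTION_PATTERN.search(unquote(raw)):
            severity = "high"
    return {"path": parts.path, "values": params["setAutorest"],
            "severity": severity}

def scan_log(lines):
    """Run analyse_request over access-log lines and collect findings."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        finding = analyse_request(m["target"])
        if finding:
            finding.update(src=m["src"], ts=m["ts"], status=m["status"])
            findings.append(finding)
    return findings
```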
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote command injection in the public-facing admin.cgi CGI script directly enables T1190 (exploitation of public-facing applications) for initial access, followed by arbitrary command execution via the Unix shell (T1059.004) on the Linux-based device.
NVD Description
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.
Deeper analysis
CVE-2025-26003 is an unauthorized command execution vulnerability (CWE-94: Code Injection) affecting Telesquare TLR-2005KSH version 1.1.4. The issue arises when admin.cgi is requested with the setAutorest parameter: the parameter value is handled improperly, leading to command injection. Published on 2025-03-26, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
The vulnerability can be exploited by any unauthenticated attacker with network access to the affected device. Exploitation requires low complexity and no user interaction, enabling remote arbitrary command execution. This grants high-impact privileges, potentially allowing full control over the device, including data exfiltration, modification, or disruption of services.
Mitigation details and further technical analysis are provided in the referenced advisory at https://github.com/Fan-24/Digging/blob/main/5/1.md.
Details
- CWE(s)