CVE-2025-26009

High

Published: 26 March 2025

Published

26 March 2025

Modified

01 April 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0041 61.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26009 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Telesquare Tlr-2005Ksh Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082); ranked in the top 38.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-13 (Monitoring for Information Disclosure).

Threat & Defense at a Glance

What attackers do: exploitation maps to System Information Discovery (T1082). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

preventrecover

Directly remediates the flaw in systemutilit.cgi that improperly exposes sensitive system information to unauthenticated remote attackers.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations preventing unauthenticated remote access to the vulnerable systemutilit.cgi endpoint and its sensitive information.

AU-13 Monitoring for Information Disclosure good match

detect

Monitors the system specifically for unauthorized disclosure of sensitive information via endpoints like systemutilit.cgi.

MITRE ATT&CK Enterprise TechniquesAI

T1082 System Information Discovery Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

attack.mitre.org →

Why these techniques?

The unauthenticated remote information disclosure via systemutilit.cgi directly enables retrieval of sensitive system details, mapping to System Information Discovery.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.

Deeper analysisAI

CVE-2025-26009, published on 2025-03-26, is an Information Disclosure vulnerability classified under CWE-200, affecting the Telesquare TLR-2005KSH router in version 1.1.4. The flaw occurs when requesting the systemutilit.cgi component, which improperly exposes sensitive information. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.

The vulnerability can be exploited by unauthenticated remote attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to obtain sensitive system information disclosed by the CGI endpoint, potentially aiding further attacks without impacting integrity or availability.

Advisories and further details are available in the referenced GitHub document at https://github.com/Fan-24/Digging/blob/main/11/1.md.

Details

CWE(s): CWE-200

Affected Products

telesquare

tlr-2005ksh firmware

1.1.4

CVEs Like This One

CVE-2025-26001Same product: Telesquare Tlr-2005Ksh

CVE-2025-9603Same product: Telesquare Tlr-2005Ksh

CVE-2025-26002Same product: Telesquare Tlr-2005Ksh

CVE-2025-26011Same product: Telesquare Tlr-2005Ksh

CVE-2025-26010Same product: Telesquare Tlr-2005Ksh

CVE-2025-26004Same product: Telesquare Tlr-2005Ksh

CVE-2025-26007Same product: Telesquare Tlr-2005Ksh

CVE-2025-26006Same product: Telesquare Tlr-2005Ksh

CVE-2025-26005Same product: Telesquare Tlr-2005Ksh

CVE-2025-28361Same product: Telesquare Tlr-2005Ksh

References

https://github.com/Fan-24/Digging/blob/main/11/1.md
Broken Link · cve@mitre.org