CVE-2025-26389
Published: 13 May 2025
Summary
CVE-2025-26389 is a critical-severity OS Command Injection (CWE-78) vulnerability in Siemens OZW672 firmware. Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 21.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2025-26389 affects the web service in Siemens OZW672 and OZW772 devices running all versions prior to V8.0. Insufficient sanitization of input parameters for the exportDiagramPage endpoint allows command injection, as indicated by the associated CWE-78 classification and a maximum CVSS 4.0 score of 10.0.
An unauthenticated remote attacker can exploit the flaw over the network, with no user interaction required, to execute arbitrary code with root privileges on the device, achieving full system compromise with confidentiality, integrity, and availability impacts.
The Siemens security advisory at https://cert-portal.siemens.com/productcert/html/ssa-047424.html describes mitigation steps and patch availability for the affected products. The EPSS score remains flat at a low value of 0.0111, with no material increase observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14849
Vulnerability details
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.