CVE-2025-2701
Published: 24 March 2025
Summary
CVE-2025-2701 is a medium-severity Command Injection (CWE-77) vulnerability in Amttgroup Hibos. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 18.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2701 is an OS command injection vulnerability in AMTT Hotel Broadband Operation System version 1.0. It resides in the popen function within the file /manager/network/port_setup.php, where unsanitized input to the arguments SwitchVersion, SwitchWrite, SwitchIP, SwitchIndex, or SwitchState is passed directly to the operating system.
An authenticated remote attacker can supply crafted values to these parameters and execute arbitrary operating-system commands on the affected server. The attack requires low privileges and no user interaction, and a working exploit has already been published.
No vendor patch or official mitigation guidance is available; the vendor was notified but did not respond. Public references consist of a proof-of-concept disclosure and several vulnerability-database entries that reiterate the same details.
The EPSS score rose from a low baseline to a recorded peak of 0.0291, indicating increased exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7390
Vulnerability details
A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote OS command injection in a public-facing web management interface (/manager/network/port_setup.php) enables exploitation of public-facing applications (T1190) and indirect command execution via popen (T1202).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents OS command injection by requiring validation of manipulated inputs like SwitchVersion, SwitchWrite, SwitchIP, SwitchIndex, and SwitchState before passing them to popen.
- SI-2 (Flaw Remediation): Requires timely remediation of known flaws such as this critical OS command injection vulnerability through patching or compensatory controls.
- Restricts information inputs to the vulnerable parameters to only organization-defined allowed values, blocking many malicious command injection payloads.
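As an added example that is not part of this advisory or the vendor's code, the PHP below shows the input-validation control from the list above applied to the five port_setup.php parameters named in the analysis: each value is checked against an allow list or a fixed format before use, and the helper program is started with an argument array instead of popen so that no shell parses the values. The accepted values for SwitchVersion and SwitchState, the treatment of SwitchWrite as an SNMP community string, and the snmpset invocation are assumptions.

```php
<?php
// Added example, not the vendor's code: allow-list validation (SI-10) of the
// five port_setup.php parameters before any value can reach a shell.
// Assumed: SwitchVersion/SwitchState value sets, SwitchWrite = SNMP community.
declare(strict_types=1);
final class PortSetupInputError extends RuntimeException {}
function validatePortSetupInput(array $q): array
{
    $versions = ['1', '2c'];            // assumed SNMP versions
    $states   = ['enable', 'disable'];  // assumed port states
    $ip = filter_var($q['SwitchIP'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        throw new PortSetupInputError('SwitchIP is not an IP address');
    }
    $index = filter_var($q['SwitchIndex'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1024]]);
    if ($index === false) {
        throw new PortSetupInputError('SwitchIndex must be an integer in 1..1024');
    }
    if (!in_array($q['SwitchVersion'] ?? null, $versions, true)) {
        throw new PortSetupInputError('SwitchVersion not in allow list');
    }
    if (!in_array($q['SwitchState'] ?? null, $states, true)) {
        throw new PortSetupInputError('SwitchState not in allow list');
    }
    // Fixed character class: shell metacharacters and whitespace never pass.
    $community = $q['SwitchWrite'] ?? null;
    if (!is_string($community) || !preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $community)) {
        throw new PortSetupInputError('SwitchWrite contains disallowed characters');
    }
    return ['version' => $q['SwitchVersion'], 'community' => $community,
            'ip' => $ip, 'index' => (int) $index, 'state' => $q['SwitchState']];
}
// Defence in depth: proc_open() with an argv array (PHP >= 7.4) execs the program
// directly, so no shell parses the values. snmpset here is a placeholder helper.
function runPortSetup(array $in): string
{
    $argv = ['/usr/bin/snmpset', '-v', $in['version'], '-c', $in['community'],
             $in['ip'], 'IF-MIB::ifAdminStatus.' . $in['index'], 'i',
             $in['state'] === 'enable' ? '1' : '2'];
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start snmpset');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]); fclose($pipes[2]);
    proc_close($proc);
    return $out;
}
```

Rejected requests should be logged with the offending parameter name, since repeated validation failures against port_setup.php are a useful detection signal for probing of this endpoint.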