CVE-2025-2701
Published: 24 March 2025
Summary
CVE-2025-2701 is a medium-severity Command Injection (CWE-77) vulnerability in Amttgroup Hibos. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 18.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly prevents OS command injection by requiring validation of manipulated inputs like SwitchVersion, SwitchWrite, SwitchIP, SwitchIndex, and SwitchState before passing to popen.
- Requires timely remediation of known flaws such as this critical OS command injection vulnerability through patching or compensatory controls.
- Restricts information inputs to the vulnerable parameters to only organization-defined allowed values, blocking many malicious command injection payloads.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote OS command injection in a public-facing web management interface (/manager/network/port_setup.php) enables exploitation of public-facing applications (T1190) and indirect command execution via popen (T1202).
NVD Description
A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-2701 is a critical vulnerability in AMTT Hotel Broadband Operation System 1.0 that enables OS command injection through the popen function in the file /manager/network/port_setup.php. The issue arises from manipulation of the arguments SwitchVersion, SwitchWrite, SwitchIP, SwitchIndex, and SwitchState, as classified under CWE-77 and CWE-78. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L), indicating network-accessible exploitation with low complexity and low privileges required.
Attackers with low-privilege access can exploit this vulnerability remotely over the network without user interaction. Successful exploitation allows injection and execution of arbitrary operating system commands, potentially resulting in limited impacts to confidentiality, integrity, and availability, such as data leakage, modification, or service disruption on the affected system.
VulDB advisories (ctiid.300718, id.300718, submit.516089) document the vulnerability, noting that an exploit has been publicly disclosed on GitHub (zian10001/cve/blob/main/rce.md) and may be actively used. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are mentioned in the available references.
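Because no vendor patch is referenced, reviewing web server logs for requests to the affected endpoint is a practical compensating check. The following is an added example, not code from the vendor or the advisory: it flags requests to /manager/network/port_setup.php in which any of the five named parameters carries a value outside a conservative allowlist. It assumes combined-format access logs and that the parameters appear in the logged URL; the allowlist pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path and parameter names are taken from the advisory text.
TARGET_PATH = "/manager/network/port_setup.php"
PARAMS = {"SwitchVersion", "SwitchWrite", "SwitchIP", "SwitchIndex", "SwitchState"}

# Assumption: legitimate values need only letters, digits and . _ : -
SAFE_VALUE = re.compile(r"[A-Za-z0-9._:-]{0,64}")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')


def suspicious_params(log_line):
    """Return (name, decoded value) pairs that fail the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_PATH):
        return []
    # parse_qsl percent-decodes, so encoded metacharacters are caught too.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in PARAMS and not SAFE_VALUE.fullmatch(value)]


def scan(lines):
    """Return (line number, findings) for every line with a finding."""
    results = []
    for lineno, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            results.append((lineno, hits))
    return results


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Mar/2025:10:00:00 +0000] "GET /manager/network/port_setup.php?SwitchIP=192.168.1.10&SwitchIndex=3&SwitchState=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Mar/2025:10:00:05 +0000] "GET /manager/network/port_setup.php?SwitchIP=192.168.1.10%3Becho+probe&SwitchIndex=3 HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Mar/2025:10:00:09 +0000] "GET /index.php?SwitchIP=a%3Bb HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {hits}")
```

The same allowlist can be enforced at a reverse proxy in front of the management interface; requests sent with parameters in a POST body need body logging to be visible to this check.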
Details
- CWE(s)