CVE-2025-30131
Published: 26 June 2025
Summary
CVE-2025-30131 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Iroadau Fx2 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 19.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
The vulnerability CVE-2025-30131 affects IROAD Dashcam FX2 devices and stems from an unauthenticated file upload endpoint. This issue, tracked under CWE-434, allows an attacker to upload a CGI-based webshell that executes arbitrary commands with root privileges on the device.
An unauthenticated remote attacker can leverage the endpoint to upload the webshell and immediately run commands as root. The same mechanism supports uploading a netcat binary to establish a reverse shell, delivering persistent privileged remote access and full device takeover. The flaw received a CVSS v3.1 score of 9.8.
The listed references point to a detailed disclosure on GitHub and the vendor's firmware download page at iroadau.com.au, indicating that firmware updates are the intended remediation path, though no explicit patch instructions or workarounds are provided in the available data. The associated EPSS score remains flat at a low 0.0141 with no material rise observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-27775
Vulnerability details
An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.
- CWE(s): CWE-434
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The unauthenticated file upload vulnerability enables exploitation of a public-facing web application (T1190), deployment of a CGI webshell (T1505.003), arbitrary Unix shell command execution as root (T1059.004), and ingress tool transfer such as uploading a netcat binary for reverse shell (T1105).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.
Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.