CVE-2025-32813

High · RCE

Published: 22 May 2025

Modified: 03 June 2025
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1118 (93.7th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32813 is a high-severity Command Injection (CWE-77) vulnerability in Infoblox NetMRI. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 6.3% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2025-32813 affects Infoblox NETMRI versions prior to 7.6.1 and involves remote unauthenticated command injection, corresponding to CWE-77. The flaw permits arbitrary command execution over the network with a CVSS 3.1 base score of 7.2.

An unauthenticated attacker with network access can supply crafted input that results in command injection. Successful exploitation grants the ability to execute arbitrary commands, leading to full compromise of confidentiality, integrity, and availability on the affected appliance.

The vendor advisory at https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32813 addresses the issue in NETMRI 7.6.1 and later releases. The associated EPSS score has remained at 0.1118 with no indicated increase after disclosure.

Vulnerability details

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

infoblox netmri ≤ 7.6.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
