CVE-2025-55055
Published: 17 November 2025
Summary
CVE-2025-55055 is a medium-severity OS Command Injection (CWE-78) vulnerability in Maxum Rumpus. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-55055, published on 2025-11-17T18:15:57.033, is classified as CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). It carries a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). The specific software or component affected is not identified in the provided details.
The vulnerability can be exploited over the network with low attack complexity by an attacker possessing high privileges (PR:H), requiring user interaction (UI:R) to succeed. Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) without changing scope.
Advisories are available via the Israeli government site at https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0, which lists CVE details for mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-197852
Vulnerability details
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS Command Injection (CWE-78) directly enables arbitrary command execution via OS interpreters (T1059) and represents exploitation of a remote service vulnerability (T1210).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly counters CWE-78 OS command injection by requiring validation and neutralization of special elements in inputs to OS commands.
Remediates the specific CVE-2025-55055 flaw through timely installation of vendor-provided patches addressing the improper neutralization.
Reduces the attack surface and potential impact of exploitation by enforcing least privilege, given the PR:H requirement.