CVE-2025-56498
Published: 03 September 2025
Summary
CVE-2025-56498 is a medium-severity OS Command Injection (CWE-78) vulnerability in Prolink2U Pgn6401V Firmware. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 13.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26602
Vulnerability details
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can…
more
exploit this flaw by injecting arbitrary system commands, which are executed by the underlying operating system with root privileges. The router uses the Boa web server (version 0.93.15) to handle the request. Successful exploitation can lead to full system compromise and unauthorized control of the network device.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The OS command injection vulnerability in the router's web management interface enables authenticated attackers to execute arbitrary Unix shell commands with root privileges, facilitating Unix shell abuse (T1059.004), exploitation for privilege escalation (T1068), and exploitation of a public-facing web application (T1190).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.