Cyber Posture

CVE-2025-57199

HighPublic PoCRCE

Published: 03 December 2025

Published
03 December 2025
Modified
23 December 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0093 76.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-57199 is a high-severity Command Injection (CWE-77) vulnerability in Avtech Dgm1104 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 23.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents command injection by validating crafted inputs to the vulnerable NetFailDetectD binary.

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation through vendor patches specifically available for CVE-2025-57199 in the DGM1104 product.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to restrict the scope and impact of arbitrary commands executed by low-privilege authenticated attackers.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

Authenticated command injection in NetFailDetectD binary enables arbitrary remote command execution (T1059 Command and Scripting Interpreter) via exploitation of the vulnerable remote service (T1210 Exploitation of Remote Services).

NVD Description

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Deeper analysisAI

CVE-2025-57199 is an authenticated command injection vulnerability (CWE-77) affecting the NetFailDetectD binary in AVTECH SECURITY Corporation's DGM1104 FullImg-1015-1004-1006-1003 product. This flaw enables attackers to execute arbitrary commands through crafted input. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

Attackers with low-privilege authenticated access (PR:L) can exploit the vulnerability remotely over the network without requiring user interaction. Exploitation allows execution of arbitrary commands on the affected system, potentially leading to full compromise given the high impact ratings across all security vectors.

Advisories, patches, and additional details are available via vendor references at http://avtech.com and http://dgm1104.com, as well as vulnerability research at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57199.

Details

CWE(s)
CWE-77

Affected Products

avtech
dgm1104 firmware
all versions

CVEs Like This One

CVE-2025-57201Same product: Avtech Dgm1104
CVE-2025-57198Same product: Avtech Dgm1104
CVE-2024-52325Shared CWE-77
CVE-2025-59468Shared CWE-77
CVE-2025-59818Shared CWE-77
CVE-2026-21638Shared CWE-77
CVE-2024-8402Shared CWE-77
CVE-2026-1324Shared CWE-77
CVE-2025-66219Shared CWE-77
CVE-2025-40937Shared CWE-77

References