Cyber Resilience

CVE-2025-57201

High · Public PoC · RCE · Updated

Published: 03 December 2025

Modified: 01 June 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0094 (76.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-57201 is a high-severity Command Injection (CWE-77) vulnerability in Avtech Dgm1104 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE is ranked in the top 23.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 contains an authenticated command injection vulnerability in its SMB server function, tracked as CVE-2025-57201 under CWE-77. The flaw permits arbitrary command execution when an attacker supplies crafted input to the affected component, carrying a CVSS 3.1 score of 8.8.

An authenticated network attacker can exploit the issue without user interaction to fully compromise the confidentiality, integrity, and availability of the device. The EPSS score remains low, with a current value of 0.0094 and a recorded peak of 0.0125.

Public references point to the vendor site, the product domain, and a GitHub repository containing vulnerability research details, though no specific patch or mitigation guidance is described in the available information.

EU & UK References

Vulnerability details

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Authenticated command injection in SMB server enables arbitrary remote command execution, facilitating T1059 (Command and Scripting Interpreter) and T1210 (Exploitation of Remote Services).

CVEs Like This One

CVE-2025-57199 (same product: Avtech Dgm1104)
CVE-2025-57198 (same product: Avtech Dgm1104)
CVE-2024-52325 (shared CWE-77)
CVE-2025-59468 (shared CWE-77)
CVE-2025-59818 (shared CWE-77)
CVE-2016-15057 (shared CWE-77)
CVE-2025-66219 (shared CWE-77)
CVE-2026-1324 (shared CWE-77)
CVE-2025-54416 (shared CWE-77)
CVE-2024-8402 (shared CWE-77)

Affected Assets

avtech dgm1104 firmware: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates CVE-2025-57201 by requiring timely installation of vendor patches to remediate the command injection flaw in the SMB server function.

Prevent: Prevents exploitation of the authenticated command injection vulnerability by enforcing validation and sanitization of crafted inputs to the SMB server.

Prevent: Limits the impact of arbitrary commands executed by low-privilege authenticated attackers exploiting the SMB server vulnerability through strict enforcement of least privilege.

References