CVE-2025-57201

HighPublic PoCRCE

Published: 03 December 2025

Published

03 December 2025

Modified

23 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0081 74.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-57201 is a high-severity Command Injection (CWE-77) vulnerability in Avtech Dgm1104 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 25.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2025-57201 by requiring timely installation of vendor patches to remediate the command injection flaw in the SMB server function.

SI-10 Information Input Validation good match

prevent

Prevents exploitation of the authenticated command injection vulnerability by enforcing validation and sanitization of crafted inputs to the SMB server.

AC-6 Least Privilege partial match

prevent

Limits the impact of arbitrary commands executed by low-privilege authenticated attackers exploiting the SMB server vulnerability through strict enforcement of least privilege.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Authenticated command injection in SMB server enables arbitrary remote command execution, facilitating T1059 (Command and Scripting Interpreter) and T1210 (Exploitation of Remote Services).

NVD Description

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Deeper analysisAI

CVE-2025-57201 is an authenticated command injection vulnerability (CWE-77) in the SMB server function of AVTECH SECURITY Corporation's DGM1104 FullImg-1015-1004-1006-1003 software. Published on 2025-12-03T16:15:57.137, it allows attackers to execute arbitrary commands via a crafted input and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact on confidentiality, integrity, and availability.

The vulnerability requires low-privilege authenticated access (PR:L) over the network (AV:N), with low attack complexity (AC:L) and no user interaction (UI:N). Attackers meeting these prerequisites can inject and execute arbitrary commands on the affected system, potentially leading to full compromise including data exfiltration, modification, or disruption of services.

Advisories and further details are available from vendor sources at http://avtech.com and http://dgm1104.com, along with vulnerability research at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57201. Security practitioners should review these references for recommended mitigations or patches.