Cyber Posture

CVE-2025-57457

High · RCE

Published: 08 October 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none listed
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (41.5th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-57457 is a high-severity OS Command Injection (CWE-78) vulnerability in Curo UC300 (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique (T1059, Command and Scripting Interpreter).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent (SI-10, Information Input Validation): Directly prevents OS command injection by requiring validation and sanitization of the 'IP Addr' parameter in the Admin panel.
- prevent (SI-2, Flaw Remediation): Requires timely identification, reporting, and correction of the specific command injection flaw in Curo UC300 5.42.1.7.1.63R1.
- prevent: Limits privileges of low-privilege accounts accessing the Admin panel, reducing the impact of arbitrary OS command execution.
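The SI-10 control above calls for validating the 'IP Addr' value before it reaches any OS command. The following Python is an added illustration written for this page, not code from Curo or from the referenced GitHub repository; the `ping` wrapper, the function names and the sample inputs are assumptions. It contrasts the CWE-78 pattern (field text concatenated into a shell command string, shown only as the string it would build, never executed) with a hardened handler that accepts only a syntactically valid IP address and passes it as a single argv element with no shell involved.

```python
import ipaddress
import subprocess
from typing import List


def vulnerable_command_string(ip_addr: str) -> str:
    """Return the command line a naive handler would hand to a shell.

    This is the CWE-78 shape: the form field is pasted into the command
    string unchecked, so shell metacharacters survive intact. The string
    is returned for inspection and deliberately never executed here.
    """
    return "ping -c 1 " + ip_addr


def validate_ip_addr(ip_addr: str) -> str:
    """Accept only a bare IPv4 or IPv6 address (an SI-10 style input check).

    Anything else (shell metacharacters, embedded whitespace, hostnames,
    CIDR ranges) is rejected with ValueError. The canonical textual form
    of the parsed address is returned, not the raw user string.
    """
    try:
        parsed = ipaddress.ip_address(ip_addr.strip())
    except ValueError as exc:
        raise ValueError(f"rejected 'IP Addr' value: {ip_addr!r}") from exc
    return str(parsed)


def is_valid_ip_addr(ip_addr: str) -> bool:
    """Boolean convenience wrapper around validate_ip_addr()."""
    try:
        validate_ip_addr(ip_addr)
    except ValueError:
        return False
    return True


def safe_ping_argv(ip_addr: str) -> List[str]:
    """Build the argv list for the hardened handler.

    The validated address is one argument among several; because no shell
    parses the list, even a value that somehow passed validation could not
    be split into additional commands.
    """
    return ["ping", "-c", "1", validate_ip_addr(ip_addr)]


def run_ping(ip_addr: str, timeout: float = 5.0) -> int:
    """Execute the hardened command with shell=False and return its exit code."""
    completed = subprocess.run(
        safe_ping_argv(ip_addr), shell=False, timeout=timeout, check=False
    )
    return completed.returncode


if __name__ == "__main__":
    # Constructed sample inputs: one clean address, one carrying a shell separator.
    for sample in ("192.0.2.10", "192.0.2.10; id"):
        print("naive string :", repr(vulnerable_command_string(sample)))
        print("validated    :", is_valid_ip_addr(sample))
```

The two layers are independent: `validate_ip_addr()` rejects anything that is not an address, and `safe_ping_argv()` would still be safe against metacharacters on its own because `subprocess.run()` with `shell=False` never tokenizes the argument. Applying both is the usual recommendation, since the validator also catches values (hostnames, ranges) that are syntactically harmless but semantically wrong for an 'IP Addr' field.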

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

OS command injection in a network-accessible admin panel enables exploitation of public-facing applications (T1190) and arbitrary command execution via command interpreters (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter.

Deeper analysis

CVE-2025-57457 is an OS command injection vulnerability (CWE-78) in the Admin panel of Curo UC300 version 5.42.1.7.1.63R1. The flaw allows local attackers to inject arbitrary OS commands via the "IP Addr" parameter. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-10-08T19:15:44.563.

Attackers with low privileges and network access can exploit the vulnerability without user interaction. Successful exploitation grants the ability to execute arbitrary OS commands on the affected system, resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details, advisories, or patches can be found by consulting the vendor site at http://curo.com and the GitHub repository at https://github.com/restdone/CVE-2025-57457/tree/main.

Details

CWE(s)

CWE-78 (OS Command Injection)

Affected Products

Curo
UC300
Inferred from references and description; NVD did not file a CPE for this CVE.

CVEs Like This One

- CVE-2025-36604 (shared CWE-78)
- CVE-2025-61304 (shared CWE-78)
- CVE-2025-63911 (shared CWE-78)
- CVE-2026-22901 (shared CWE-78)
- CVE-2026-25108 (shared CWE-78)
- CVE-2025-54795 (shared CWE-78)
- CVE-2026-1345 (shared CWE-78)
- CVE-2025-56590 (shared CWE-78)
- CVE-2026-28291 (shared CWE-78)
- CVE-2024-58274 (shared CWE-78)
