Cyber Resilience

CVE-2025-64092

High

Published: 09 January 2026

Modified: 12 February 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0003 (8.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-64092 is a high-severity SQL Injection (CWE-89) vulnerability in Zenitel Icx500 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 8.1th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-64092 is an SQL injection vulnerability (CWE-89) present in Zenitel products. It enables unauthenticated attackers to inject SQL requests into GET request parameters, allowing direct queries against the underlying database. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting network accessibility, low attack complexity, no required privileges or user interaction, and high confidentiality impact with no integrity or availability effects.

Unauthenticated remote attackers can exploit the vulnerability by sending specially crafted GET requests to the affected component. Exploitation grants direct read access to the database, enabling extraction of sensitive data stored within it.

Zenitel has published a security advisory detailing the vulnerability at https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf, which security practitioners should consult for mitigation guidance and patch information.

Vulnerability details

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Tactic: Collection)
Adversaries may leverage databases to mine valuable information.

Why these techniques?

SQL injection in a public-facing web component enables remote unauthenticated exploitation (T1190) and direct database queries for sensitive data extraction (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-64093 (Same product: Zenitel Icx500)
CVE-2019-25537 (Shared CWE-89)
CVE-2019-25366 (Shared CWE-89)
CVE-2019-25496 (Shared CWE-89)
CVE-2026-1475 (Shared CWE-89)
CVE-2026-26990 (Shared CWE-89)
CVE-2026-44047 (Shared CWE-89)
CVE-2025-12865 (Shared CWE-89)
CVE-2024-11135 (Shared CWE-89)
CVE-2019-25491 (Shared CWE-89)

Affected Assets

zenitel icx500 firmware ≤ 1.4.3.3
zenitel icx510 firmware ≤ 1.4.3.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates CVE-2025-64092 by requiring timely patching of the SQL injection flaw in Zenitel products as detailed in the vendor advisory.

prevent

Prevents SQL injection exploitation by validating and sanitizing unauthenticated GET request parameters before they reach the database.

prevent

Restricts malicious SQL payloads in GET parameters through input type, format, and quantity limitations, reducing the attack surface for unauthenticated queries.
