Cyber Posture

CVE-2025-64093

CriticalRCE

Published: 09 January 2026

Published
09 January 2026
Modified
10 February 2026
KEV Added
Patch
CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0013 32.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-64093 is a critical-severity Command Injection (CWE-77) vulnerability in Zenitel Icx500 Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly implements input validation on the hostname field to block arbitrary command injection by unauthenticated attackers.

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Restricts hostname modifications and related functions to only authorized users, preventing unauthenticated access exploitation.

SI-2 Flaw Remediation good match
prevent

Mandates timely patching of the specific command injection flaw in Zenitel devices as per the vendor advisory.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

CVE-2025-64093 enables unauthenticated remote code execution through command injection in the hostname field of public-facing Zenitel devices, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

Deeper analysisAI

CVE-2025-64093 is a remote code execution vulnerability stemming from command injection (CWE-77) in Zenitel devices. It enables unauthenticated attackers to inject arbitrary commands into the device's hostname. The vulnerability carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no privileges or user interaction required, and high impact across confidentiality, integrity, and availability with a changed scope.

Unauthenticated attackers with network access to affected Zenitel devices can exploit this vulnerability remotely. By injecting malicious commands into the hostname field, they achieve remote code execution, potentially compromising the entire device and enabling full control over its operations.

Zenitel has published a security advisory detailing mitigations and patches at https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf. Security practitioners should consult this document for specific remediation steps.

Details

CWE(s)
CWE-77

Affected Products

zenitel
icx500 firmware
≤ 1.4.3.3
zenitel
icx510 firmware
≤ 1.4.3.3

CVEs Like This One

CVE-2025-64092Same product: Zenitel Icx500
CVE-2025-64090Same vendor: Zenitel
CVE-2025-59818Same vendor: Zenitel
CVE-2026-30461Shared CWE-77
CVE-2025-24285Shared CWE-77
CVE-2025-56425Shared CWE-77
CVE-2025-55637Shared CWE-77
CVE-2025-64091Same vendor: Zenitel
CVE-2024-39759Shared CWE-77
CVE-2026-22719Shared CWE-77

References