CVE-2025-64127
Published: 26 November 2025
Summary
CVE-2025-64127 is a critical-severity OS Command Injection (CWE-78) vulnerability in Zenitel (inferred from references). Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-2 (Separation of System and User Functionality) and SI-10 (Information Input Validation).
Deeper analysis
An OS command injection vulnerability tracked as CVE-2025-64127 and assigned CWE-78 was published on 2025-11-26. It arises from insufficient sanitization of user-supplied input, allowing parameters to be incorporated into operating system commands without adequate validation. The flaw carries a CVSS 4.0 score of 10.0 and affects an application that processes such input for command execution.
An unauthenticated remote attacker can supply crafted parameters to execute arbitrary operating system commands, resulting in complete loss of confidentiality, integrity, and availability on the affected system along with potential secondary impact to its environment.
CISA and vendor references, including ICSA-25-329-03 and related firmware package information, are published at the listed URLs and address the issue for affected deployments.
The associated EPSS score rose from a low baseline to a peak of 0.1088 on 2026-03-28 before receding to its current value of 0.0832, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199741
Vulnerability details
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote OS command injection in public-facing firmware enables exploitation of public-facing application (T1190) and arbitrary command execution via Unix shell (T1059.004) on likely Linux-based ICS devices.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of user-supplied input parameters before incorporation into OS commands, addressing the core cause of this command injection vulnerability.
Mandates identification, reporting, and correction of the specific OS command injection flaw through firmware updates as recommended in CISA ICSA-25-329-03.
Enforces separation between user functionality and system functionality to prevent unsanitized user input from directly invoking arbitrary OS commands.