CVE-2025-65480

HighRCE

Published: 11 February 2026

Published

11 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 33.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65480 is a high-severity OS Command Injection (CWE-78) vulnerability in Pacom Unison Client (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 33.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates CWE-78 improper neutralization by requiring validation and sanitization of user inputs to Report Templates, preventing malicious script injection leading to RCE.

SI-2 Flaw Remediation good match

prevent

Addresses the specific flaw in Pacom Unison Client 5.13.1 by requiring timely installation of vendor-provided patches from advisories, eliminating the vulnerability.

AC-6 Least Privilege partial match

prevent

Enforces least privilege to restrict low-privilege authenticated users from accessing or modifying Report Templates, reducing the opportunity for script injection.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

OS Command Injection (CWE-78) in a network-accessible client application enables remote code execution via command/script interpreter abuse (T1059) and exploitation of client software vulnerability (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

Deeper analysisAI

CVE-2025-65480 is a remote code execution vulnerability in Pacom Unison Client version 5.13.1. Authenticated users can inject malicious scripts into Report Templates, which are executed when certain script conditions are fulfilled. The issue stems from improper neutralization of special elements, mapped to CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low-privilege authenticated access (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables remote code execution with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing full system compromise within the context of the affected client.

Mitigation details and further information are available in advisories from the vendor at http://pacom.com and in the vulnerability research repository at https://github.com/derekyjj/vulnerability-research/tree/main/CVE-2025-65480, published on 2026-02-11.