CVE-2025-8748

Severity: High · RCE

Published: 08 August 2025

Modified: 15 April 2026
KEV Added: not listed
Patch: upgrade to version 3.0.0 or later
CVSS v3.1 Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0175 (83.0th percentile)
Risk Priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-8748 is a high-severity OS Command Injection (CWE-78) vulnerability in software from Mobile Industrial Robots (the vendor is inferred from the references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 17.0% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

MiR software versions prior to 3.0.0 contain a command injection vulnerability tracked as CVE-2025-8748 and assigned CWE-78. The flaw resides in the handling of HTTP requests and permits an authenticated user to supply crafted input that results in execution of arbitrary operating-system commands. The issue carries a CVSS 3.1 base score of 8.8 with network attack vector, low complexity, and low privileges required.

An attacker who already possesses valid credentials can send a malicious HTTP request to the affected MiR instance and obtain full command execution on the underlying host. Successful exploitation yields complete confidentiality, integrity, and availability impact on the system, allowing the attacker to run any command permitted by the service account.

Vendor advisories published by Mobile Industrial Robots direct users to upgrade to version 3.0.0 or later and reference the MiR Cybersecurity Guide for additional hardening steps; the advisories are located at the URLs listed in the CVE record. The associated EPSS score remains low at 0.0175 with no material increase since disclosure.

Vulnerability details

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.

CWE(s): CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The command injection vulnerability directly enables remote arbitrary OS command execution via crafted HTTP requests to a public-facing application (T1190) and the use of command and scripting interpreters (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-60962 (shared CWE-78)
CVE-2025-23316 (shared CWE-78)
CVE-2026-30880 (shared CWE-78)
CVE-2025-64124 (shared CWE-78)
CVE-2024-58274 (shared CWE-78)
CVE-2026-34188 (shared CWE-78)
CVE-2025-0680 (shared CWE-78)
CVE-2026-5965 (shared CWE-78)
CVE-2025-50194 (shared CWE-78)
CVE-2026-44590 (shared CWE-78)

Affected Assets

Mobile Industrial Robots (inferred from the references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI)

SI-10 Information Input Validation (prevent): Directly prevents command injection by requiring validation and sanitization of HTTP request inputs to reject malicious payloads targeting OS command execution.

SI-2 Flaw Remediation (prevent): Ensures timely remediation of the specific command injection flaw through identification, reporting, and patching to MiR software version 3.0.0 or later.

Least privilege (prevent): Limits damage from authenticated low-privilege exploitation by enforcing least privilege on users and processes to restrict arbitrary OS command capabilities.
