CVE-2025-9583
Published: 28 August 2025
Summary
CVE-2025-9583 is a low-severity Injection (CWE-74) vulnerability in Comfast Cf-N1 Firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 24.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-9583 is a command injection vulnerability in the ping_config function of the /usr/bin/webmgnt file within Comfast CF-N1 version 2.6.0. Published on 2025-08-28, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Improper Neutralization of Special Elements used in a Command).
The vulnerability enables remote exploitation by attackers with low privileges, such as authenticated users, over the network with low attack complexity and no user interaction required. Manipulation of the ping_config function allows command injection, resulting in limited impacts to confidentiality, integrity, and availability.
Advisories reference a publicly disclosed exploit in a GitHub repository at https://github.com/ZZ2266/.github.io/tree/main/COMFAST/N1V2/ping_config, along with VulDB entries at https://vuldb.com/?ctiid.321696, https://vuldb.com/?id.321696, and https://vuldb.com/?submit.636130, noting that the exploit may be used. No specific patches or mitigation guidance are detailed in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-28869
Vulnerability details
A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in webmgnt ping_config enables remote exploitation of public-facing application (T1190), indirect command execution via utilities like ping (T1202), and Unix shell command execution (T1059.004).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation and sanitization of inputs to the ping_config function, blocking the special characters that enable command injection.
- AC-6 (Least Privilege): Restricts the privileges under which /usr/bin/webmgnt executes and limits which authenticated users can invoke ping_config, reducing the attack surface and impact.
- CM-7 (Least Functionality): Enforces least functionality by disabling or removing the ping_config capability (or the entire webmgnt binary) when not required, eliminating the injectable code path.
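As an added illustration of the input-validation control above (example code written for this page, not the webmgnt source, which is not available here), the following shows the classic vulnerable pattern of splicing a user-supplied ping target into a shell command line, next to a hardened version that allowlist-validates the target and runs ping through an argv array so no shell ever parses the input. The function names, the 253-character bound and the `ping -c 4` invocation are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_TARGET_LEN 253  /* longest valid DNS name (assumed bound) */

/* SI-10 style allowlist: a ping target may contain only hostname/IPv4
 * characters, must be non-empty and bounded, and must not begin with '-'
 * (otherwise ping would parse it as an option). Returns 1 if valid. */
int ping_target_is_valid(const char *target)
{
    if (target == NULL) return 0;
    size_t len = strlen(target);
    if (len == 0 || len > MAX_TARGET_LEN || target[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)target[i];
        /* Anything outside the allowlist, including ; | & $ ` and
         * whitespace, causes rejection. */
        if (!isalnum(c) && c != '.' && c != '-') return 0;
    }
    return 1;
}

/* Assumed vulnerable pattern (not the real webmgnt code): the target is
 * spliced into a command string that /bin/sh then parses, so any shell
 * metacharacter in it changes what gets executed. */
int ping_config_vulnerable(const char *target)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "ping -c 4 %s", target);
    return system(cmd);
}

/* Hardened form: validate first, then exec ping with a fixed argv and no
 * shell. Returns ping's exit status, or -1 when the target is rejected or
 * the process could not be run. */
int ping_config_hardened(const char *target)
{
    if (!ping_target_is_valid(target)) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "4", target, (char *)NULL);
        _exit(127);  /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Rejecting a leading '-' matters even with exec: without it, a validated-looking target could still be consumed by ping as a flag.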