CVE-2025-9583
Published: 28 August 2025
Summary
CVE-2025-9583 is a medium-severity Injection (CWE-74) vulnerability in Comfast CF-N1 firmware. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 33.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.
Threat & Defense Details
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer security assessments and testing (including injection-focused test techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects those findings before deployment.
System monitoring for anomalies and attacks identifies indicators of injection attacks (command, SQL, LDAP, etc.).
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
Command injection in the webmgnt ping_config function enables Exploit Public-Facing Application (T1190), Indirect Command Execution via utilities such as ping (T1202), and Unix Shell command execution (T1059.004).
NVD Description
A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Deeper analysis (AI-generated)
CVE-2025-9583 is a command injection vulnerability in the ping_config function of the /usr/bin/webmgnt file within Comfast CF-N1 version 2.6.0. Published on 2025-08-28, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Improper Neutralization of Special Elements used in a Command).
The vulnerability enables remote exploitation by attackers with low privileges, such as authenticated users, over the network with low attack complexity and no user interaction required. Manipulation of the ping_config function allows command injection, resulting in limited impacts to confidentiality, integrity, and availability.
Advisories reference a publicly disclosed exploit in a GitHub repository at https://github.com/ZZ2266/.github.io/tree/main/COMFAST/N1V2/ping_config, along with VulDB entries at https://vuldb.com/?ctiid.321696, https://vuldb.com/?id.321696, and https://vuldb.com/?submit.636130, noting that the exploit may be used. No specific patch or mitigation guidance is detailed in the available information.
Details
- CWE(s)