CVE-2025-9603

MediumPublic PoC

Published: 29 August 2025

Published

29 August 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0086 75.2th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9603 is a medium-severity Injection (CWE-74) vulnerability in Telesquare Tlr-2005Ksh Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 24.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 2 other techniques.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-11 Developer Testing and Evaluation

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

SI-4 System Monitoring

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1202 Indirect Command Execution Stealth

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

attack.mitre.org →

Why these techniques?

Command injection via public-facing web CGI (/cgi-bin/internet.cgi?Command=lanCfg) enables exploitation of public-facing applications (T1190), indirect command execution through parameter manipulation (T1202), and command/script interpreter abuse (T1059, likely Unix Shell on the device).

NVD Description

A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The…

exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-9603 is a command injection vulnerability (CWE-74, CWE-77) affecting Telesquare TLR-2005KSH version 1.2.4. The issue exists in an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg, where manipulation of the Hostname argument enables command injection. Published on 2025-08-29, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

A remote attacker with low privileges can exploit this vulnerability from a remote location with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability through arbitrary command execution.

Advisories from VulDB and related references indicate no vendor response or patch availability despite early notification. An exploit has been publicly disclosed, including a proof-of-concept on GitHub, making it readily utilizable by attackers.

Details

CWE(s): CWE-74 CWE-77

Affected Products

telesquare

tlr-2005ksh firmware

1.2.4

CVEs Like This One

CVE-2025-26002Same product: Telesquare Tlr-2005Ksh

CVE-2025-26004Same product: Telesquare Tlr-2005Ksh

CVE-2025-26011Same product: Telesquare Tlr-2005Ksh

CVE-2025-26010Same product: Telesquare Tlr-2005Ksh

CVE-2025-26007Same product: Telesquare Tlr-2005Ksh

CVE-2025-26006Same product: Telesquare Tlr-2005Ksh

CVE-2025-26005Same product: Telesquare Tlr-2005Ksh

CVE-2025-26008Same product: Telesquare Tlr-2005Ksh

CVE-2025-26003Same product: Telesquare Tlr-2005Ksh

CVE-2025-28361Same product: Telesquare Tlr-2005Ksh

References

https://github.com/lin-3-start/lin-cve/blob/main/Telesquare%20Tlr-2005Ksh/Telesquare%20Tlr-2005Ksh%E5%AD%98%E5%9C%A8%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/lin-3-start/lin-cve/blob/main/Telesquare%20Tlr-2005Ksh/Telesquare%20Tlr-2005Ksh%E5%AD%98%E5%9C%A8%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md#3poc
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.321779
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.321779
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.636414
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/lin-3-start/lin-cve/blob/main/Telesquare%20Tlr-2005Ksh/Telesquare%20Tlr-2005Ksh%E5%AD%98%E5%9C%A8%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/lin-3-start/lin-cve/blob/main/Telesquare%20Tlr-2005Ksh/Telesquare%20Tlr-2005Ksh%E5%AD%98%E5%9C%A8%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md#3poc
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0