CVE-2026-25037
Published: 27 February 2026
Summary
CVE-2026-25037 is a high-severity OS Command Injection (CWE-78) vulnerability in Copeland Xweb 300D Pro Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection by validating the maliciously crafted LCD state input before processing during system setup.
Mitigates the vulnerability through timely identification, reporting, and deployment of vendor patches to remediate the command injection flaw.
Complements input validation by restricting the LCD state inputs to safe formats, sizes, or types to block malicious command payloads.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection vulnerability in network-accessible web interface (XWEB Pro) enables exploitation of public-facing or remote services (T1190, T1210) for RCE via Unix shell commands (T1059.004).
NVD Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling…
more
remote code execution.
Deeper analysisAI
CVE-2026-25037 is an OS command injection vulnerability (CWE-78) affecting XWEB Pro version 1.12.1 and prior versions. The flaw allows an authenticated attacker to achieve remote code execution (RCE) on the affected system by configuring a maliciously crafted LCD state, which is subsequently processed during system setup. The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Exploitation requires network access and high privileges (PR:H), with high attack complexity (AC:H) but no user interaction (UI:N). A successful attack enables the adversary to execute arbitrary operating system commands remotely, potentially leading to full control over the system, including high impacts on confidentiality, integrity, and availability in a scoped environment.
CISA's ICS Advisory (ICSA-26-057-10) details the vulnerability, with corresponding machine-readable data available via the Cybersecurity and Infrastructure Security Agency's GitHub CSAF repository. Mitigation guidance and patches are referenced in the Dixell/Copeland system software update page, recommending users apply the latest updates to address the issue.
Details
- CWE(s)