CVE-2025-59818

Critical CVSS: 10.0

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

Vendor

Product

CWE

Yayın Tarihi

2026-02-04 11:16:01

Güncelleme

2026-02-11 20:20:07

Source Identifier

cert@ncsc.nl

KEV Date Added

CWE-77 Tcis-3 Firmware CRITICAL Zenitel 2026

https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes https://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notes https://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notes https://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notes https://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notes https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf

Critical

CVE-2025-64090

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

High

CVE-2025-64091

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

High

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly qu…

Critical

CVE-2025-64093

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname…