CVE-2025-63220

High CVSS: 7.2

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

Vendor

Sound4

Product

First Firmware

CWE

CWE-494

Yayın Tarihi

2025-11-19 16:15:48

Güncelleme

2026-01-08 16:44:36

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-494 First Firmware HIGH Sound4 2025

Referanslar

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63220_Sound4%20FIRST%20RCE https://www.sound4helpdesk.com/ https://www.sound4helpdesk.com/first-downloads/ https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63220_Sound4%20FIRST%20RCE

Benzer Kayıtlar

High

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allow…

High

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the u…

High

CVE-2022-50795

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50696

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cann…