CVE-2025-64092

High CVSS: 7.5

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.

Vendor

Product

CWE

Yayın Tarihi

2026-01-09 10:15:46

Güncelleme

2026-02-12 17:42:53

Source Identifier

cert@ncsc.nl

KEV Date Added

CWE-89 Icx500 Firmware HIGH Zenitel 2026

https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf

Critical

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file…

Critical

CVE-2025-64090

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

High

CVE-2025-64091

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

Critical

CVE-2025-64093

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname…