CVE-2025-64093

Critical CVSS: 10.0

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

Vendor

Product

CWE

Yayın Tarihi

2026-01-09 10:15:46

Güncelleme

2026-02-10 20:33:36

Source Identifier

cert@ncsc.nl

KEV Date Added

CWE-77 Icx500 Firmware CRITICAL Zenitel 2026

https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf

Critical

CVE-2025-59818

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file…

Critical

CVE-2025-64090

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

High

CVE-2025-64091

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

High

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly qu…