Calix Gigacenter ONT – Command Injection_CVE-2025-54084

8.5 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.

Basic Information

ID CVE-2025-54084

Source Fluid Attacks

Published Sep 9, 2025 at 20:37

Affected Product

Vendor Calix

Product GigaCenter ONT

Version 844E

Affected Versions Calix GigaCenter ONT 844E
Calix GigaCenter ONT 844G
Calix GigaCenter ONT 844GE
Calix GigaCenter ONT 854GE

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules)\u00a0allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.",
    "published": "2025-09-09T20:37:28.023Z",
    "modified": "2025-09-09T20:37:28.023Z",
    "type": "cve",
    "title": "Calix Gigacenter ONT  - Command Injection",
    "source": "Fluid Attacks",
    "references": "https://fluidattacks.com/advisories/bacalao\nhttps://www.calix.com",
    "id": "CVE-2025-54084",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Calix GigaCenter ONT 844E\nCalix GigaCenter ONT 844G\nCalix GigaCenter ONT 844GE\nCalix GigaCenter ONT 854GE",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GigaCenter ONT",
    "version": "844E",
    "vendor": "Calix",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}