CVE 9.3 CRITICAL

CVE-2025-11546_CVE-2025-11546

November 7, 2025 invoker category_cve
9.3 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends specially crafted network packets to the product, arbitrary OS commands may be executed without authentication.

AI Analysis

Arbitrary OS commands may be executed without authentication by sending specially crafted network packets to the product.

Basic Information

ID CVE-2025-11546
Source NEC
Published Nov 7, 2025 at 01:09
Modified Nov 7, 2025 at 04:04

Affected Product

Vendor NEC Corporation
Product CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux)
Version 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2
Affected Versions NEC Corporation CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux) 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2
NEC Corporation CLUSTERPRO X SingleServerSafe for Linux (EXPRESSCLUSTER X SingleServerSafe for Linux) 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10
AI Severity Critical
Vendor NEC Corporation
Product CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux), CLUSTERPRO X SingleServerSafe for Linux (EXPRESSCLUSTER X SingleServerSafe for Linux)
Version 4.0, 4.1, 4.2, 5.0, 5.1, 5.2

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.