CVE 10 CRITICAL

Zenitel TCIV-3+ OS Command Injection_CVE-2025-64127

November 26, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

An OS command injection vulnerability exists due to insufficient
sanitization of user-supplied input. The application accepts parameters
that are later incorporated into OS commands without adequate
validation. This could allow an unauthenticated attacker to execute
arbitrary commands remotely.

AI Analysis

OS command injection vulnerability due to insufficient input sanitization

Basic Information

ID CVE-2025-64127

Source icscert

Published Nov 26, 2025 at 17:50

Modified Nov 26, 2025 at 19:31

Affected Product

Vendor Zenitel

Product TCIV-3+

Affected Versions Zenitel TCIV-3+ 0

CWE Classification

CWE-78

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Zenitel

Product TCIV-3+

References

{
    "lastseen": "",
    "description": "An OS command injection vulnerability exists due to insufficient \nsanitization of user-supplied input. The application accepts parameters \nthat are later incorporated into OS commands without adequate \nvalidation. This could allow an unauthenticated attacker to execute \narbitrary commands remotely.",
    "published": "2025-11-26T17:50:01.184Z",
    "modified": "2025-11-26T19:31:02.691Z",
    "type": "cve",
    "title": "Zenitel TCIV-3+ OS Command Injection",
    "source": "icscert",
    "references": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json",
    "id": "CVE-2025-64127",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Zenitel TCIV-3+ 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TCIV-3+",
    "version": "0",
    "vendor": "Zenitel",
    "ai_description": "OS command injection vulnerability due to insufficient input sanitization",
    "ai_severity": "Critical",
    "ai_vendor": "Zenitel",
    "ai_product": "TCIV-3+",
    "ai_version": "0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply