CVE 10 CRITICAL

Zenitel TCIV-3+ OS Command Injection_CVE-2025-64128

November 26, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

An OS command injection vulnerability exists due to incomplete
validation of user-supplied input. Validation fails to enforce
sufficient formatting rules, which could permit attackers to append
arbitrary data. This could allow an unauthenticated attacker to inject
arbitrary commands.

AI Analysis

OS command injection vulnerability due to incomplete validation of user input

Basic Information

ID CVE-2025-64128

Source icscert

Published Nov 26, 2025 at 17:51

Modified Nov 26, 2025 at 19:13

Affected Product

Vendor Zenitel

Product TCIV-3+

Affected Versions Zenitel TCIV-3+ 0

CWE Classification

CWE-78

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Zenitel

Product TCIV-3+

References

{
    "lastseen": "",
    "description": "An OS command injection vulnerability exists due to incomplete \nvalidation of user-supplied input. Validation fails to enforce \nsufficient formatting rules, which could permit attackers to append \narbitrary data. This could allow an unauthenticated attacker to inject \narbitrary commands.",
    "published": "2025-11-26T17:51:23.485Z",
    "modified": "2025-11-26T19:13:49.932Z",
    "type": "cve",
    "title": "Zenitel TCIV-3+ OS Command Injection",
    "source": "icscert",
    "references": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json",
    "id": "CVE-2025-64128",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Zenitel TCIV-3+ 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TCIV-3+",
    "version": "0",
    "vendor": "Zenitel",
    "ai_description": "OS command injection vulnerability due to incomplete validation of user input",
    "ai_severity": "Critical",
    "ai_vendor": "Zenitel",
    "ai_product": "TCIV-3+",
    "ai_version": "0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply