CVE 10 CRITICAL

Zenitel TCIV-3+ OS Command Injection_CVE-2025-64126

November 26, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

An OS command injection vulnerability exists due to improper input
validation. The application accepts a parameter directly from user input
without verifying it is a valid IP address or filtering potentially
malicious characters. This could allow an unauthenticated attacker to
inject arbitrary commands.

AI Analysis

OS command injection vulnerability due to improper input validation

Basic Information

ID CVE-2025-64126

Source icscert

Published Nov 26, 2025 at 17:47

Affected Product

Vendor Zenitel

Product TCIV-3+

Affected Versions Zenitel TCIV-3+ 0

CWE Classification

CWE-78

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Zenitel

Product TCIV-3+

References

{
    "lastseen": "",
    "description": "An OS command injection vulnerability exists due to improper input \nvalidation. The application accepts a parameter directly from user input\n without verifying it is a valid IP address or filtering potentially \nmalicious characters. This could allow an unauthenticated attacker to \ninject arbitrary commands.",
    "published": "2025-11-26T17:47:05.385Z",
    "modified": "2025-11-26T17:47:05.385Z",
    "type": "cve",
    "title": "Zenitel TCIV-3+ OS Command Injection",
    "source": "icscert",
    "references": "https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json",
    "id": "CVE-2025-64126",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Zenitel TCIV-3+ 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TCIV-3+",
    "version": "0",
    "vendor": "Zenitel",
    "ai_description": "OS command injection vulnerability due to improper input validation",
    "ai_severity": "Critical",
    "ai_vendor": "Zenitel",
    "ai_product": "TCIV-3+",
    "ai_version": "0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply