Vulnerability Details
Basic Information
| Title | CVE-2025-25504 |
|---|---|
| Type | cve |
| Published | 2025-05-05T16:15:50 |
| Last Seen | 2025-05-05T18:20:48 |
| CVSS Score | 6.5 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
CVE Information
| CVE IDs | CVE-2025-25504 |
|---|---|
| CWE | CWE-77, CWE-287 |
| Bulletin Family | cve |
Description
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
Impact Assessment
| Base Score | 6.5 |
|---|---|
| Severity | MEDIUM |