CVE 8.7 HIGH

QNO Technology｜VPN Firewall – OS Command Injection_CVE-2025-15388

December 31, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

AI Analysis

OS Command Injection vulnerability allowing remote attackers to inject and execute arbitrary OS commands

Basic Information

ID CVE-2025-15388

Source twcert

Published Dec 31, 2025 at 09:01

Affected Product

Vendor QNO Technology

Product VPN Firewall

Affected Versions QNO Technology VPN Firewall 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor QNO Technology

Product VPN Firewall

References

{
    "lastseen": "",
    "description": "VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.",
    "published": "2025-12-31T09:01:46.998Z",
    "modified": "2025-12-31T09:01:46.998Z",
    "type": "cve",
    "title": "QNO Technology\uff5cVPN Firewall - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10613-e1780-1.html\nhttps://www.twcert.org.tw/en/cp-139-10614-dee41-2.html",
    "id": "CVE-2025-15388",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "QNO Technology VPN Firewall 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VPN Firewall",
    "version": "0",
    "vendor": "QNO Technology",
    "ai_description": "OS Command Injection vulnerability allowing remote attackers to inject and execute arbitrary OS commands",
    "ai_severity": "High",
    "ai_vendor": "QNO Technology",
    "ai_product": "VPN Firewall",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply