Command injection in Kieback&Peter Neutrino-GLT_CVE-2025-6225

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N

Description

Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02

Basic Information

ID CVE-2025-6225

Source CERT-PL

Published Jan 7, 2026 at 13:00

Affected Product

Vendor Kieback&Peter

Product Neutrino-GLT

Affected Versions Kieback&Peter Neutrino-GLT 0

CWE Classification

CWE-78

References

cert.pl /en/posts/2026/01/CVE-2025-6225/

{
    "lastseen": "",
    "description": "Kieback&Peter Neutrino-GLT product is used for building management. It's web component\u00a0\"SM70 PHWEB\" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02",
    "published": "2026-01-07T13:00:46.715Z",
    "modified": "2026-01-07T13:00:46.715Z",
    "type": "cve",
    "title": "Command injection in Kieback&Peter Neutrino-GLT",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/01/CVE-2025-6225/",
    "id": "CVE-2025-6225",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Kieback&Peter Neutrino-GLT 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Neutrino-GLT",
    "version": "0",
    "vendor": "Kieback&Peter",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}