CVE 10 CRITICAL

Unauthenticated Remote Code Execution via the device hostname_CVE-2025-64093

January 9, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.

AI Analysis

Remote Code Execution vulnerability in Zenitel ICX500 and ICX510 devices via the hostname

Basic Information

ID CVE-2025-64093

Source NCSC-NL

Published Jan 9, 2026 at 10:04

Affected Product

Vendor Zenitel

Product ICX500

Version <1.4.3.3

Affected Versions Zenitel ICX500 <1.4.3.3
Zenitel ICX510 <1.4.3.3

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Zenitel

Product ICX500, ICX510

Version <1.4.3.3

References

www.zenitel.com /sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf

{
    "lastseen": "",
    "description": "Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.",
    "published": "2026-01-09T10:04:58.207Z",
    "modified": "2026-01-09T10:04:58.207Z",
    "type": "cve",
    "title": "Unauthenticated Remote Code Execution via the device hostname",
    "source": "NCSC-NL",
    "references": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf",
    "id": "CVE-2025-64093",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Zenitel ICX500 <1.4.3.3\nZenitel ICX510 <1.4.3.3",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ICX500",
    "version": "<1.4.3.3",
    "vendor": "Zenitel",
    "ai_description": "Remote Code Execution vulnerability in Zenitel ICX500 and ICX510 devices via the hostname",
    "ai_severity": "Critical",
    "ai_vendor": "Zenitel",
    "ai_product": "ICX500, ICX510",
    "ai_version": "<1.4.3.3",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply