Authenticated Remote Code Execution in device hostname_CVE-2025-64090

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

AI Analysis

Authenticated attackers can execute commands via the hostname of the device

Basic Information

ID CVE-2025-64090

Source NCSC-NL

Published Jan 9, 2026 at 09:59

Affected Product

Vendor Zenitel

Product TCIS-3+

Version <9.2.3.3

Affected Versions Zenitel TCIS-3+ <9.2.3.3

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Zenitel

Product TCIS-3+

Version < 9.2.3.3

References

www.zenitel.com /sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf

{
    "lastseen": "",
    "description": "This vulnerability allows authenticated attackers to execute commands via the hostname of the device.",
    "published": "2026-01-09T09:59:58.839Z",
    "modified": "2026-01-09T09:59:58.839Z",
    "type": "cve",
    "title": "Authenticated Remote Code Execution in device hostname",
    "source": "NCSC-NL",
    "references": "https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf",
    "id": "CVE-2025-64090",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Zenitel TCIS-3+ <9.2.3.3",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TCIS-3+",
    "version": "<9.2.3.3",
    "vendor": "Zenitel",
    "ai_description": "Authenticated attackers can execute commands via the hostname of the device",
    "ai_severity": "Critical",
    "ai_vendor": "Zenitel",
    "ai_product": "TCIS-3+",
    "ai_version": "< 9.2.3.3",
    "ai_score": 10
}