TROYANOSYVIRUS
Retour aux CVEs

CVE-2025-59818

CRITICAL
10.0

Description

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

Details CVE

Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/4/2026
Derniere modification2/11/2026
Sourcenvd
Observations honeypot0

Produits affectes

zenitel:tcis-3zenitel:tcis-3_firmware

Faiblesses (CWE)

CWE-77

References

https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes(cert@ncsc.nl)
https://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notes(cert@ncsc.nl)
https://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notes(cert@ncsc.nl)
https://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notes(cert@ncsc.nl)
https://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notes(cert@ncsc.nl)
https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf(cert@ncsc.nl)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.