CVE-2025-2071 (GCVE-0-2025-2071)

Vulnerability from cvelistv5 – Published: 2025-03-31 08:33 – Updated: 2025-03-31 16:26
VLAI?
Summary
A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".
Severity ?
10 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Amber
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Assigner
References
Impacted products
Vendor Product Version
FAST LTA FAST LTA Silent Brick WebUI Affected: WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST) , < 2.63.04 (custom)
Create a notification for this product.
Credits
Stefan Mettler from CRYPTRON Security GmbH
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2071",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T16:26:19.132583Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T16:26:54.053Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "FAST LTA Silent Brick WebUI",
          "vendor": "FAST LTA",
          "versions": [
            {
              "lessThan": "2.63.04",
              "status": "affected",
              "version": "WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Stefan Mettler from CRYPTRON Security GmbH"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are \"hd\" and \"pi\".\u003cbr\u003e"
            }
          ],
          "value": "A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are \"hd\" and \"pi\"."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T08:33:53.271Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.fast-lta.de/de/fast/silent-bricks-software-2-63"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAvoid using external processes: Whenever possible, use library calls instead of invoking external processes to recreate desired functionality.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eA vendor security patch available. Upgrade to release\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar\"\u003efast-sb-update-2.63.0.4.tar \u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Avoid using external processes: Whenever possible, use library calls instead of invoking external processes to recreate desired functionality.\n\nA vendor security patch available. Upgrade to release\u00a0 fast-sb-update-2.63.0.4.tar  https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-24T15:22:00.000Z",
          "value": "vulnerability has been identified and reported to the vendor"
        },
        {
          "lang": "en",
          "time": "2025-01-16T08:30:00.000Z",
          "value": "transmission of further technical information to the vendor"
        },
        {
          "lang": "en",
          "time": "2025-01-23T09:45:00.000Z",
          "value": "vulnerability has been confirmed by the vendor and a patch is in progress"
        },
        {
          "lang": "en",
          "time": "2025-03-06T10:30:00.000Z",
          "value": "Vendor patch available"
        }
      ],
      "title": "OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2025-2071",
    "datePublished": "2025-03-31T08:33:53.271Z",
    "dateReserved": "2025-03-06T18:18:48.091Z",
    "dateUpdated": "2025-03-31T16:26:54.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2071\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2025-03-31T09:15:14.807\",\"lastModified\":\"2025-04-01T20:26:30.593\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are \\\"hd\\\" and \\\"pi\\\".\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad cr\u00edtica de inyecci\u00f3n de comandos del sistema operativo en la interfaz web de FAST LTA Silent Brick, que permite a atacantes remotos ejecutar comandos arbitrarios del sistema operativo mediante una entrada especialmente manipulada. Esta vulnerabilidad surge debido a la gesti\u00f3n inadecuada de entradas no confiables, que se pasan directamente a comandos del sistema sin la debida limpieza ni validaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir a los atacantes ejecutar comandos arbitrarios en el sistema afectado, lo que podr\u00eda resultar en acceso no autorizado, fuga de datos o la vulneraci\u00f3n total del sistema. Los par\u00e1metros de la interfaz web afectados son \\\"hd\\\" y \\\"pi\\\".\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:M/U:Amber\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"PRESENT\",\"Automatable\":\"NO\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://www.fast-lta.de/de/fast/silent-bricks-software-2-63\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2071\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-31T16:26:19.132583Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-31T16:26:43.125Z\"}}], \"cna\": {\"title\": \"OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Stefan Mettler from CRYPTRON Security GmbH\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 10, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"FAST LTA\", \"product\": \"FAST LTA Silent Brick WebUI\", \"versions\": [{\"status\": \"affected\", \"version\": \"WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST)\", \"lessThan\": \"2.63.04\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-12-24T15:22:00.000Z\", \"value\": \"vulnerability has been identified and reported to the vendor\"}, {\"lang\": \"en\", \"time\": \"2025-01-16T08:30:00.000Z\", \"value\": \"transmission of further technical information to the vendor\"}, {\"lang\": \"en\", \"time\": \"2025-01-23T09:45:00.000Z\", \"value\": \"vulnerability has been confirmed by the vendor and a patch is in progress\"}, {\"lang\": \"en\", \"time\": \"2025-03-06T10:30:00.000Z\", \"value\": \"Vendor patch available\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Avoid using external processes: Whenever possible, use library calls instead of invoking external processes to recreate desired functionality.\\n\\nA vendor security patch available. Upgrade to release\\u00a0 fast-sb-update-2.63.0.4.tar  https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAvoid using external processes: Whenever possible, use library calls instead of invoking external processes to recreate desired functionality.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eA vendor security patch available. Upgrade to release\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar\\\"\u003efast-sb-update-2.63.0.4.tar \u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.fast-lta.de/de/fast/silent-bricks-software-2-63\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are \\\"hd\\\" and \\\"pi\\\".\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are \\\"hd\\\" and \\\"pi\\\".\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2025-03-31T08:33:53.271Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2071\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-31T16:26:54.053Z\", \"dateReserved\": \"2025-03-06T18:18:48.091Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2025-03-31T08:33:53.271Z\", \"assignerShortName\": \"SEC-VLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.