FKIE_CVE-2025-59815

Vulnerability from fkie_nvd - Published: 2025-09-25 20:15 - Updated: 2025-09-26 14:32
Severity ?
8.4 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity.
References
cert@ncsc.nlhttps://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System
cert@ncsc.nlhttps://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device\u2019s availability, confidentiality, and integrity."
    }
  ],
  "id": "CVE-2025-59815",
  "lastModified": "2025-09-26T14:32:19.853",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "cert@ncsc.nl",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-25T20:15:35.510",
  "references": [
    {
      "source": "cert@ncsc.nl",
      "url": "https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System"
    },
    {
      "source": "cert@ncsc.nl",
      "url": "https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes"
    }
  ],
  "sourceIdentifier": "cert@ncsc.nl",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "cert@ncsc.nl",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.