CVE-2025-14705

CriticalPublic PoC

Published: 15 December 2025

Published

15 December 2025

Modified

09 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0147 81.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed…

and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates command injection by requiring validation and sanitization of the 'params' argument in the SHARESERVER feature before processing.

SI-2 Flaw Remediation good match

prevent

Requires identification, reporting, and correction of flaws like this command injection vulnerability through timely patching or workarounds.

SC-7 Boundary Protection good match

prevent

Enforces boundary protection to monitor and control network communications to the vulnerable SHARESERVER feature, blocking remote unauthenticated access.

Security SummaryAI

CVE-2025-14705 is a command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25. It affects an unknown function within the SHARESERVER feature, where manipulation of the "params" argument triggers the injection. The issue aligns with CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), and it was published on 2025-12-15.

Remote attackers can exploit this vulnerability without authentication or user interaction, requiring only network access and low attack complexity, as indicated by the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8). Successful exploitation enables arbitrary command execution, potentially leading to high impacts on confidentiality, integrity, and availability of the affected system.

VulDB advisories note that the exploit has been publicly disclosed and may be utilized, with references including detailed entries at vuldb.com/?ctiid.336422 and a Notion page on the sgwbox NAS N3 command injection. The vendor was contacted early about the disclosure but provided no response, and no patches or mitigations are detailed in the available references.

Details

CWE(s): CWE-74 CWE-77

Affected Products

sgwbox

n3 firmware

≤ 2.0.25

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1202 Indirect Command Execution Stealth

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

attack.mitre.org →

Why these techniques?

Unauthenticated remote command injection via SHARESERVER params in web interface enables exploitation of public-facing application (T1190), Unix shell command execution (T1059.004), and indirect command execution (T1202 as assigned in advisory).

References

https://vuldb.com/?ctiid.336422
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.336422
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.706974
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a80d69da5d6d17456a183?source=copy_link
Exploit, Third Party Advisory · cna@vuldb.com