CVE-2025-22939
Published: 31 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-22939 is a command injection vulnerability (CWE-77) in the telnet service of the Adtran 411 ONT running firmware version L80.00.0011.M2. This flaw enables attackers to escalate privileges to root and execute arbitrary commands on the affected device. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.
Remote attackers can exploit this vulnerability over the network by sending specially crafted input to the telnet service, achieving unauthenticated root privilege escalation and full arbitrary command execution. Successful exploitation grants complete control over the ONT device, potentially allowing attackers to manipulate network traffic, install persistent malware, or pivot to other systems in the ISP environment.
Mitigation details and further technical analysis are available in advisories referenced at https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view, https://lanrat.com/posts/adtran-isp-hacking/, and https://www.youtube.com/watch?v=Aic-QaSqjxc. Security practitioners should review these sources for patch availability or workaround guidance specific to Adtran 411 ONT deployments.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in exposed telnet service directly enables remote unauthenticated arbitrary command execution on Unix-based device and root privilege escalation.