CVE-2025-2398
Published: 17 March 2025
Description
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-2398 is a vulnerability in the CLI `su` Command Handler of China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P, and GT3200-8G8P devices running firmware up to version 20250305. It is rated as critical with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-1392 (Use of Default Credentials): manipulation of the affected component leads to the use of default credentials.
The vulnerability can be exploited remotely by attackers who possess high privileges on the affected system. Successful exploitation enables high confidentiality, integrity, and availability impacts, facilitating unauthorized access such as execution of telnet commands, as detailed in public disclosures.
Advisories from VulDB and GitHub vulnerability reports indicate that the vendor was contacted early regarding the issue but provided no response. No patches or official mitigations are mentioned, and the exploit has been publicly disclosed, including proof-of-concept details in repositories like https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md and VulDB entries at https://vuldb.com/?ctiid.299897 and https://vuldb.com/?id.299897.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE is explicitly mapped to CWE-1392 (Use of Default Credentials) and describes exploitation of default credentials enabling remote unauthorized access and command execution (e.g., telnet) on the affected CLI.