CVE-2025-26003
Published: 26 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-26003 is an unauthorized command execution vulnerability (CWE-94: Code Injection) affecting Telesquare TLR-2005KSH version 1.1.4. The issue arises when the admin.cgi parameter is requested with the setAutorest option, allowing improper handling that leads to command injection. Published on 2025-03-26, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
The vulnerability can be exploited by any unauthenticated attacker with network access to the affected device. Exploitation requires low complexity and no user interaction, enabling remote arbitrary command execution. This grants high-impact privileges, potentially allowing full control over the device, including data exfiltration, modification, or disruption of services.
Mitigation details and further technical analysis are provided in the referenced advisory at https://github.com/Fan-24/Digging/blob/main/5/1.md.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote command injection in public-facing admin.cgi CGI script directly enables T1190 exploitation of public-facing applications for initial access and arbitrary command execution via Unix shell (T1059.004) on the Linux-based device.