Cyber Posture

CVE-2025-55055

Medium

Published: 17 November 2025

Published
17 November 2025
Modified
24 November 2025
KEV Added
Patch
CVSS Score 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0006 17.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Security Summary

CVE-2025-55055, published on 2025-11-17T18:15:57.033, is classified as CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). It carries a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). The specific software or component affected is not identified in the provided details.

The vulnerability can be exploited over the network with low attack complexity by an attacker possessing high privileges (PR:H), requiring user interaction (UI:R) to succeed. Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) without changing scope.

Advisories are available via the Israeli government site at https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0, which lists CVE details for mitigation guidance.

Details

CWE(s)
CWE-78

Affected Products

maxum
rumpus
9.0.12

MITRE ATT&CK Enterprise Techniques

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

OS Command Injection (CWE-78) directly enables arbitrary command execution via OS interpreters (T1059) and represents exploitation of a remote service vulnerability (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References