CVE-2025-57199

HighPublic PoC

Published: 03 December 2025

Published

03 December 2025

Modified

23 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0083 74.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by validating crafted inputs to the vulnerable NetFailDetectD binary.

SI-2 Flaw Remediation good match

prevent

Requires timely flaw remediation through vendor patches specifically available for CVE-2025-57199 in the DGM1104 product.

AC-6 Least Privilege partial match

prevent

Enforces least privilege to restrict the scope and impact of arbitrary commands executed by low-privilege authenticated attackers.

Security SummaryAI

CVE-2025-57199 is an authenticated command injection vulnerability (CWE-77) affecting the NetFailDetectD binary in AVTECH SECURITY Corporation's DGM1104 FullImg-1015-1004-1006-1003 product. This flaw enables attackers to execute arbitrary commands through crafted input. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

Attackers with low-privilege authenticated access (PR:L) can exploit the vulnerability remotely over the network without requiring user interaction. Exploitation allows execution of arbitrary commands on the affected system, potentially leading to full compromise given the high impact ratings across all security vectors.

Advisories, patches, and additional details are available via vendor references at http://avtech.com and http://dgm1104.com, as well as vulnerability research at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57199.

Details

CWE(s): CWE-77

Affected Products

avtech

dgm1104 firmware

all versions

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Authenticated command injection in NetFailDetectD binary enables arbitrary remote command execution (T1059 Command and Scripting Interpreter) via exploitation of the vulnerable remote service (T1210 Exploitation of Remote Services).

References

http://avtech.com
Product · cve@mitre.org
http://dgm1104.com
Broken Link · cve@mitre.org
https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57199
Exploit, Third Party Advisory · cve@mitre.org