CVE-2025-57201

HighPublic PoC

Published: 03 December 2025

Published

03 December 2025

Modified

23 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0071 72.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2025-57201 by requiring timely installation of vendor patches to remediate the command injection flaw in the SMB server function.

SI-10 Information Input Validation good match

prevent

Prevents exploitation of the authenticated command injection vulnerability by enforcing validation and sanitization of crafted inputs to the SMB server.

AC-6 Least Privilege partial match

prevent

Limits the impact of arbitrary commands executed by low-privilege authenticated attackers exploiting the SMB server vulnerability through strict enforcement of least privilege.

Security SummaryAI

CVE-2025-57201 is an authenticated command injection vulnerability (CWE-77) in the SMB server function of AVTECH SECURITY Corporation's DGM1104 FullImg-1015-1004-1006-1003 software. Published on 2025-12-03T16:15:57.137, it allows attackers to execute arbitrary commands via a crafted input and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact on confidentiality, integrity, and availability.

The vulnerability requires low-privilege authenticated access (PR:L) over the network (AV:N), with low attack complexity (AC:L) and no user interaction (UI:N). Attackers meeting these prerequisites can inject and execute arbitrary commands on the affected system, potentially leading to full compromise including data exfiltration, modification, or disruption of services.

Advisories and further details are available from vendor sources at http://avtech.com and http://dgm1104.com, along with vulnerability research at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57201. Security practitioners should review these references for recommended mitigations or patches.

Details

CWE(s): CWE-77

Affected Products

avtech

dgm1104 firmware

all versions

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Authenticated command injection in SMB server enables arbitrary remote command execution, facilitating T1059 (Command and Scripting Interpreter) and T1210 (Exploitation of Remote Services).

References

http://avtech.com
Not Applicable · cve@mitre.org
http://dgm1104.com
Broken Link · cve@mitre.org
https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2025-57201
Exploit, Third Party Advisory · cve@mitre.org