CVE-2025-58428
Published: 23 October 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-58428 is a critical command injection vulnerability (CWE-77) in the TLS4B ATG system's SOAP-based interface, which is accessible through the web services handler. This flaw affects the TLS4B ATG system running on an underlying Linux operating system. Published on 2025-10-23, it carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting its high severity due to network accessibility, low attack complexity, and broad impact across confidentiality, integrity, and availability.
The vulnerability can be exploited by remote attackers who possess valid credentials, requiring low privileges (PR:L). Exploitation enables execution of arbitrary system-level commands on the Linux host, resulting in remote command execution, full shell access, and potential lateral movement across the network, especially in scope-changed scenarios (S:C).
Mitigation guidance is detailed in CISA ICS Advisory ICSA-25-296-03 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-03 and https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-03.json), along with Veeder-Root's network security reminder (https://www.veeder.com/us/network-security-reminder) and software downloads page (https://www.veeder.com/us/software-downloads), which likely include patches or updates addressing the issue.
Details
- CWE(s): CWE-77
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in exposed SOAP web service enables exploitation of public-facing application (T1190) for remote Unix shell command execution (T1059.004).