CVE-2025-65883
Published: 04 December 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-65883 affects the Genexis Platinum P4410 router running firmware version P4410-V2-1.41. The vulnerability arises from improper session invalidation after an administrator logs out, as classified under CWE-613. This issue enables a local network attacker to reuse the stale session token for remote code execution with root privileges by sending crafted requests to the router's diagnostic endpoint.
A local network attacker with no required privileges can exploit this vulnerability due to its low attack complexity and lack of need for user interaction. By leveraging the persistent session token post-logout, the attacker achieves arbitrary command execution as root on the device. The CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects high impacts on confidentiality, integrity, and availability.
Details on mitigation, including any patches or vendor advisories, can be found in the referenced write-up at https://0xw41th.medium.com/my-first-cve-cve-2025-65883-remote-code-execution-in-a-genexis-router-0c35749a99bd, published alongside the CVE on 2025-12-04.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables unauthenticated attackers to exploit the router's diagnostic endpoint (T1190, T1210) for arbitrary root command execution via Unix shell (T1059.004) by reusing stale admin session tokens.