CVE-2025-26056

{"id": "CVE-2025-26056", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-04-01T19:15:44.427", "references": [{"url": "https://github.com/rohan-pt/CVE-2025-26056", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module \"MTR\" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en Infinxt iEdge 100 2.1.32, en la funcionalidad \"MTR\" del m\u00f3dulo de soluci\u00f3n de problemas. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la entrada proporcionada por el usuario en el par\u00e1metro mtrIp. Un atacante puede explotar esta vulnerabilidad para ejecutar comandos arbitrarios del sistema operativo en el sistema subyacente con los mismos privilegios que el proceso de la aplicaci\u00f3n web."}], "lastModified": "2025-04-14T18:15:28.560", "sourceIdentifier": "cve@mitre.org"}