cbcvebase.
CVE-2025-58428
published 2025-10-23

CVE-2025-58428: The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote…

PriorityP273critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
1.31%
67.0th percentile
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.

Affected

1 ranges
VendorProductVersion rangeFixed in
veeder-roottls4b_automatic_tank_gauge_system< 11.A11.A

Detection & IOCsextracted from sources · hover to see the quote

  • Target the SOAP-based web services handler on TLS4B ATG systems; command injection is triggered through this interface by authenticated remote attackers
  • Monitor for unexpected system-level command execution or shell spawning originating from the SOAP/web services process on TLS4B devices, which may indicate exploitation of CVE-2025-58428
  • Alert on TLS4B ATG devices running firmware versions prior to 11.A exposed to network access, as all such versions are affected by this command injection vulnerability
  • ·Exploitation requires valid credentials (low-privilege authenticated access); unauthenticated exploitation is not indicated by current reporting
  • ·No known public exploitation or proof-of-concept has been reported to CISA at time of advisory publication
  • ·The vulnerability is scoped as network-accessible (AV:N) with changed scope (S:C), meaning successful exploitation can impact resources beyond the TLS4B device itself, enabling lateral movement

CVSS provenance

nvdv3.19.9CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv4.09.4CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.