CVE-2025-64127
published 2025-11-26


Priority: P2 (76)
Severity: critical
CVSS 3.1 base score: 10
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 2.28% (80.9th percentile)
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.

Affected (1 range)

Vendor: zenitel
Product: tciv-3
Version range: <= 9.3.3.0
Fixed in: (not given)

Detection & IOCs (extracted from sources)

  • CVE-2025-64127 affects Zenitel TCIV-3+ (all versions prior to 9.3.3.0): unauthenticated OS command injection via insufficiently sanitized user-supplied parameters incorporated into OS commands — monitor for unexpected command execution originating from the TCIV-3+ web interface
  • No authentication is required to exploit CVE-2025-64127 (PR:N, UI:N); alert on any unauthenticated HTTP requests to Zenitel TCIV-3+ management interfaces that contain shell metacharacters (e.g., ;, |, &&, $(), backticks) in parameter values
  • Zenitel TCIV-3+ devices should not be internet-accessible; detect and alert on any direct internet-facing exposure of these ICS devices as a precursor risk indicator
  • CVE-2025-64127 is one of three OS command injection CVEs (CVE-2025-64126, CVE-2025-64127, CVE-2025-64128) affecting Zenitel TCIV-3+; ensure detections cover all three injection vectors, as each involves a distinct parameter/validation failure
  • All versions of Zenitel TCIV-3+ prior to 9.3.3.0 are vulnerable; version fingerprinting of deployed devices is necessary to scope detection and prioritize patching
  • No known public exploitation has been reported at time of advisory publication; threat hunting should be proactive rather than reactive
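The second detection bullet above recommends alerting on requests whose parameter values contain shell metacharacters. The script below is an added example written for this page, not code from Zenitel, the CVE record, or its source advisory; it shows one way to apply that rule to web-server access-log lines, decoding percent-encoding twice so that double-encoded values are not missed. The log lines, the `/api/...` paths and the `id`/`name` parameter names are constructed placeholders, since the page does not name the vulnerable endpoint or parameter.

```python
"""Flag access-log requests whose query parameter values contain shell
metacharacters (the indicator described in the detection bullet above).

Added example for this page; not from Zenitel or the advisory. All log
lines, paths and parameter names below are constructed placeholders."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Metacharacters listed in the detection bullet: ; | && $( and backticks.
SHELL_METACHARS = re.compile(r"[;|`]|&&|\$\(")

# Minimal Common Log Format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_params(target):
    """Return [(name, decoded_value)] for query parameters whose decoded value
    contains a shell metacharacter.

    parse_qsl() percent-decodes once; unquote() decodes a second time so that
    double-encoded values such as %2526 (-> %26 -> &) are also caught."""
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(value)
        if SHELL_METACHARS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Return one alert dict per log line that carries a suspicious parameter."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than crash
        hits = suspicious_params(m["target"])
        if hits:
            alerts.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "status": m["status"],
                "target": m["target"],
                "params": hits,
            })
    return alerts


# Constructed sample log: one clean request, three with metacharacters
# (single-encoded ';', double-encoded '&&', backticks) and one static asset.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Nov/2025:10:00:01 +0000] "GET /api/status?id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Nov/2025:10:00:07 +0000] "GET /api/status?id=42%3Bfoo HTTP/1.1" 200 640',
    '203.0.113.9 - - [26/Nov/2025:10:00:09 +0000] "POST /api/config?name=a%2526%2526bar HTTP/1.1" 500 0',
    '198.51.100.2 - - [26/Nov/2025:10:01:00 +0000] "GET /api/status?id=%60foo%60 HTTP/1.1" 200 640',
    '198.51.100.7 - - [26/Nov/2025:10:01:30 +0000] "GET /static/app.js HTTP/1.1" 200 8812',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["ip"]} {alert["method"]} {alert["target"]}')
        for name, value in alert["params"]:
            print(f"    param {name!r} decodes to {value!r}")
```

A plain access log does not record whether the request carried a valid session, so the "unauthenticated" condition in the bullet has to come from the application's own log or from correlating with authentication events; this script only supplies the metacharacter half of the rule. Expect some benign hits (a `|` in a search string, for example), so tune the metacharacter set per endpoint before paging on it.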

CVSS provenance

NVD, CVSS v3.1: 10.0 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD, CVSS v4.0: 10.0 CRITICAL
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X