CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-64090

CVSS 10.0v3.1pub. 2026-01-09upd. 2026-02-12

This vulnerability allows authenticated attackers to execute commands via the hostname of the device.

🤖 AI Analysis
How it works

An attacker with access to an authenticated session of a Zenitel TCIS-3 device can inject malicious system commands into the hostname configuration field. Input data is not properly sanitized before being passed to the system command interpreter, which allows embedding and executing arbitrary code. Due to the AV:N vector and lack of user interaction requirements (UI:N), the attack can be conducted remotely over the network.

Impact

Successful exploitation of the vulnerability allows an attacker to gain full control over the device – reading and modifying data, disrupting its operation (denial of service), and due to the changed scope (S:C) potentially also lateral movement in the network to which the device is connected.

Mitigation & patch

Apply patches available from the manufacturer according to the references – details are contained in the Zenitel Security Advisory A100K12333 document available at the address indicated in the references. Until the patch is applied, it is recommended to restrict access to the device management interface to trusted IP addresses only and enforce strong authentication.

Who is affected

Zenitel TCIS-3 and Zenitel TCIS-3 Firmware – specific versions indicated in the manufacturer references (Zenitel advisory No. A100K12333)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Zenitel Tcis 3

    HW
    Zenitel
    wszystkie wersje
  • Zenitel Tcis 3 Firmware

    OS
    Zenitel
    < 9.2.3.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-59818CRITICAL10.0PL ✓ten sam produkt

Command Injection w Zenitel Tcis-3 via nazwa przesyłanego pliku

CVE-2025-64091HIGH8.6ten sam produkt

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

CVE-2025-64093CRITICAL10.0PL ✓ten sam vendor

RCE poprzez command injection w polu hostname urządzeń Zenitel ICx500/ICx510

CVE-2025-64092HIGH7.5ten sam vendor

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and d...

CVE-2021-40845HIGH8.8ten sam vendor

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file...