CVE-2026-25195 An — Exploit & Vulnerability Details HIGH

CVE-2026-25195

HIGH CVSS 3.1: 8.0 EPSS 0.28%

Parameter	Value
CVSS	8.0 (HIGH)
Type	CWE-78 (OS Command Injection)
Vendor	An
Public PoC	No

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-78 OS Command Injection

References 3

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-0…

ics-cert@hq.dhs.gov

https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate

ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

ics-cert@hq.dhs.gov

Share Post Share Share Share

Menu

CVE-2026-25195

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Menu

CVE-2026-25195

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Stay informed on cybersecurity