CVE-2025-1265: Elseta Vinci Protocol Analyzer OS Command Injection

9.9 CVSS

Description

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system.

Classification

CVE ID: CVE-2025-1265

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.9

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor: Elseta

Product: Vinci Protocol Analyzer

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.16% (probability of being exploited)

EPSS Percentile: 33.84% (scored less or equal to compared to others)

EPSS Date: 2025-03-21 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-06
https://elseta.com/support/

Timeline

2025-02-20 16:16:10 UTC
All CISA Advisories

Elseta Vinci Protocol Analyzer
2025-02-21 00:25:35 UTC
CVE

Elseta Vinci Protocol Analyzer OS Command Injection