CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI

10.0 CVSS

Description

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

Classification

CVE ID: CVE-2025-2071

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Amber

Problem Types

CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)

Affected Products

Vendor: FAST LTA

Product: FAST LTA Silent Brick WebUI

Exploit Prediction Scoring System (EPSS)

EPSS Score: 1.05% (probability of being exploited)

EPSS Percentile: 76.29% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2071
https://www.fast-lta.de/de/fast/silent-bricks-software-2-63

Timeline

2025-03-31 09:40:14 UTC
CVE

OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI
2025-03-31 16:00:43 UTC
DarkWebInformer

CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI