CVE-2025-15607

Severity CVSS v4.0:

HIGH

Type:

CWE-77 Command Injection

Publication date:

20/03/2026

Last modified:

20/03/2026

Description

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device.

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L CVSS v4.0 Severity and Metrics:

Base Score: 7.30 HIGH
Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): Low

Base Score 4.0

7.30

Severity 4.0

HIGH

CVE-2025-15607

Description

Impact

References to Advisories, Solutions, and Tools