CVE-2025-11571 | THREATINT

Description

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the same network.

PUBLISHED Reserved 2025-10-09 | Published 2026-03-24 | Updated 2026-03-24 | Assigner Silabs

LOW: 2.1CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

References

community.silabs.com/068Vm00000htltZ permissions-required vendor-advisory

cve.org (CVE-2025-11571)

nvd.nist.gov (CVE-2025-11571)

Download JSON

help @ threatint.eu