CVE-2025-14213 | THREATINT

Description

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.

PUBLISHED Reserved 2025-12-07 | Published 2026-03-31 | Updated 2026-03-31 | Assigner Cato

HIGH: 8.3CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 Improper Input Validation

Product status

Default status

unaffected

24 and below (custom)

affected

References

support.catonetworks.com/...ocket-WebUI-OS-Command-Injection

cve.org (CVE-2025-14213)

nvd.nist.gov (CVE-2025-14213)

Download JSON