CVE-2025-2605 | THREATINT

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product.

PUBLISHED Reserved 2025-03-21 | Published 2025-05-02 | Updated 2025-05-17 | Assigner Honeywell

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

affected

V11.04 (semver) before V12.53

affected

References

seclists.org/fulldisclosure/2025/May/19

www.honeywell.com/us/en/product-security vendor-advisory

cve.org (CVE-2025-2605)

nvd.nist.gov (CVE-2025-2605)

Download JSON