CVE-2025-59818 | THREATINT

Description

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

PUBLISHED Reserved 2025-09-22 | Published 2026-02-04 | Updated 2026-02-04 | Assigner NCSC-NL

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Product status

Default status

unaffected

<9.2.3.3 (custom)

affected

References

wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes (Zenitel Release Notes Turbine) release-notes

www.zenitel.com/.../A100K12333 Zenitel Security Advisory.pdf (Zenitel Security Advisory) vendor-advisory

wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notes (Zenitel Release Notes Fortitude8) release-notes

wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notes (Zenitel Release Notes ZIPS) release-notes

wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notes (Zenitel Release Notes Fortitude6) release-notes

wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notes (Zenitel Release Notes Display Series) release-notes

cve.org (CVE-2025-59818)

nvd.nist.gov (CVE-2025-59818)

Download JSON

help @ threatint.eu