CVE-2023-25582 HIGH

CVE-2023-25582

Vendor Milesight
Product UR32L
Weakness CWE-78
Published July 6, 2023
Last update November 4, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.

Key dates

02Disclosure timeline

July 6, 2023 CVE published
November 4, 2025 Record updated