CVE-2025-0636 HIGH

CVE-2025-0636: Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller

Vendor Ericsson

Product Site Controller 6610

Weakness CWE-78

Published October 13, 2025

Last update October 14, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.

Key dates

02Disclosure timeline

October 13, 2025 CVE published

October 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0636

Related vulnerabilities

Identifiers

CVE CVE-2025-0636

CWE CWE-78

CVSS 8.4 / HIGH

Affected versions

Vendor Ericsson

Product Site Controller 6610

Affected < S24.Q2

Vendor Ericsson

Product RAN Compute (all BB versions)

Affected < 24.Q1.C5

CVE-2025-0636: Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller

01Description

02Disclosure timeline

03References

04Related CVE