CVE-2025-11787 HIGH

CVE-2025-11787: Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Vendor Sge-Plc1000 Sge-Plc50

Product Circutor

Weakness CWE-78

Published December 2, 2025

Last update December 2, 2025

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.

Key dates

02Disclosure timeline

December 2, 2025 CVE published

December 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11787

Related vulnerabilities

04Related CVE

CVE-2019-1634 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2021-47748 Hasura GraphQL 1.3.3 - Remote Code Execution CVE-2013-10049 Raidsonic NAS Devices Unauthenticated Remote Command Execution CVE-2026-23920 Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection CVE-2023-4542 D-Link DAR-8000-10 sys1.php os command injection