CVE-2025-15388 HIGH

CVE-2025-15388: QNO Technology|VPN Firewall - OS Command Injection

Vendor Qno Technology
Product VPN Firewall
Weakness CWE-78
Published December 31, 2025
Last update December 31, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Key dates

02Disclosure timeline

December 31, 2025 CVE published
December 31, 2025 Record updated