CVE-2025-2071 CRITICAL

CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI

Vendor Fast Lta

Product FAST LTA Silent Brick WebUI

Weakness CWE-78

Published March 31, 2025

Last update March 31, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Amber

What the vulnerability does

01Description

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

Key dates

02Disclosure timeline

March 31, 2025 CVE published

March 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2071 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2025-2071

CWE CWE-78

CVSS 10.0 / CRITICAL

Affected versions