CVE-2025-59815 HIGH

CVE-2025-59815: Authenticated Remote Code Execution in the Billing Administration portal

Vendor Zenitel
Product ICX500
Weakness CWE-77
Published September 25, 2025
Last update September 29, 2025

CVSS base score

8.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity.

Key dates

02Disclosure timeline

September 25, 2025 CVE published
September 29, 2025 Record updated