CVE-2025-59817 HIGH

CVE-2025-59817: Authenticated Remote Code Execution in zForm_auto_config

Vendor Zenitel
Product TCIS-3+
Weakness CWE-77
Published September 25, 2025
Last update September 29, 2025

CVSS base score

8.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity.

Key dates

02Disclosure timeline

September 25, 2025 CVE published
September 29, 2025 Record updated