CVE-2025-6225 MEDIUM

CVE-2025-6225: Command injection in Kieback&Peter Neutrino-GLT

Vendor Kieback&Peter
Product Neutrino-GLT
Weakness CWE-78
Published January 7, 2026
Last update January 7, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

The Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via the login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02.

Key dates

02 Disclosure timeline

January 7, 2026 CVE published
January 7, 2026 Record updated