CVE-2025-6559 CRITICAL

CVE-2025-6559: Sapido Wireless Router - OS Command Injection

Vendor Sapido
Product BR071n
Weakness CWE-78
Published June 24, 2025
Last update June 24, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended.

Key dates

02Disclosure timeline

June 24, 2025 CVE published
June 24, 2025 Record updated