CVE-2025-25504

{"id": "CVE-2025-25504", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-05-05T16:15:50.640", "references": [{"url": "http://gefen.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.troy-wilson.com/cve-2025-25504.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges."}, {"lang": "es", "value": "Un problema en el script /usr/local/bin/jncs.sh de Gefen WebFWC (en productos AV sobre IP) v1.85h, v1.86v y v1.70 permite a atacantes con acceso a la red conectarse al dispositivo a trav\u00e9s del puerto TCP 4444 sin autenticaci\u00f3n y ejecutar comandos arbitrarios con privilegios de root."}], "lastModified": "2025-06-17T14:13:16.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:niceforyou:gefen_webfwc:1.70v:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD283856-18D2-4625-8A88-D3F9DFA31610"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:niceforyou:gefen_gf-avip-mc_firmware:a5.22:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E81DB305-DDB0-48A6-A171-F1F3ED3EA816"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:niceforyou:gefen_webfwc:1.85h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58769C1-827B-4963-A00D-2C1B389EE396"}, {"criteria": "cpe:2.3:a:niceforyou:gefen_webfwc:1.86v:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE973A49-081A-4CA1-BFCA-F71E1FC36FD4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:niceforyou:gefen_gf-avip-mc_firmware:a5.310:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C404DBC9-0EE7-4BD1-90DC-B09D4FBA5775"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}