CVE-2025-8748
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-11-05
Assigner: Teradyne Robotics
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mir | software | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a command injection flaw in MiR software versions prior to 3.0.0. It allows an authenticated user to send a specially crafted HTTP request that can execute arbitrary commands on the underlying operating system.
How can this vulnerability impact me?
The vulnerability can lead to severe impacts including full compromise of the affected system, as an attacker with valid credentials can execute arbitrary commands, potentially leading to data theft, system disruption, or further network compromise.
What immediate steps should I take to mitigate this vulnerability?
Upgrade MiR software to version 3.0.0 or later to eliminate the command injection vulnerability. Additionally, restrict authenticated user access to trusted users only and monitor for any suspicious HTTP requests that could indicate exploitation attempts.