CVE-2025-9387
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-24
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9387
EUVD
EUVD-2025-25740
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dcnetworks dcme-720_firmware 9.1.5.11
dcnetworks dcme-720 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9387 is an OS command injection vulnerability in the DCN DCME-720 version 9.1.5.11, specifically in the Web Management Backend component's ip_block.php file. It occurs because the 'ip' argument is improperly handled, allowing attackers to inject and execute arbitrary operating system commands remotely without proper input sanitization. This flaw can compromise the system's confidentiality, integrity, and availability. [1, 2]

Impact Analysis

Exploitation of this vulnerability allows an attacker to remotely execute arbitrary OS commands on the affected device, potentially gaining full control over it. This can lead to unauthorized access, data compromise, disruption of services, and overall loss of system integrity and availability. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable file path `/usr/local/www/function/audit/newstatistics/ip_block.php` on the DCN DCME-720 device. Additionally, attackers can be identified by monitoring for HTTP requests containing the `ip` argument being manipulated or unusual command injection patterns targeting this URL path. Google dorking with the query `inurl:usr/local/www/function/audit/newstatistics/ip_block.php` can be used to identify vulnerable targets externally. For local detection, inspecting web server logs for suspicious requests to this path or using network monitoring tools to detect command injection attempts may help. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the affected DCN DCME-720 version 9.1.5.11 device with an alternative solution, as no vendor patches or countermeasures are currently available. Restricting access to the web management backend, especially the vulnerable `ip_block.php` component, by limiting network exposure and applying strict access controls can reduce risk. Monitoring for exploitation attempts and isolating affected devices are also recommended. Since the vendor did not respond and no patches exist, proactive replacement and network-level protections are the best immediate actions. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9387. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart