CVE-2025-10589
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n-partner | n-reporter | * |
| n-partner | n-cloud | * |
| n-partner | n-reporter | 6.1.187 |
| n-partner | n-probe | * |
| n-partner | n-cloud | 7.0.009 |
| n-partner | n-probe | From 20250811094737 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection flaw in N-Partner's products N-Reporter, N-Cloud, and N-Probe. It allows an authenticated remote attacker to inject and execute arbitrary operating system commands on the affected servers, potentially compromising the system. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to severe impacts including unauthorized execution of arbitrary OS commands on the server, which can compromise confidentiality, integrity, and availability of the system. This could result in data breaches, system manipulation, or denial of service. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your affected devices' firmware and kernel. For firmware, update to version 6.1.187 (20250730-1734) or later if you are using the 6.x series, or to version 7.0.009 (20250805-1505) or later if you are using the 7.x series. Additionally, update the kernel to version 20250811094737 or later. Applying these updates simultaneously is necessary to remediate the OS Command Injection vulnerability. [1, 2]