CVE-2025-54857
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-09-02

Assigner: JPCERT/CC

Description
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54857
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seiko_solutions skybridge_basic_mb-a130 1.5.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-54857 is an OS command injection vulnerability in SkyBridge BASIC MB-A130 firmware version 1.5.8 and earlier. It allows a remote unauthenticated attacker to execute arbitrary operating system commands with root privileges via the device's Web-UI. This means an attacker can run any command on the device without needing to log in, potentially compromising the entire system. [1, 2]

Impact Analysis

If exploited, this vulnerability can lead to severe impacts including system attacks, destruction, data theft, data tampering, and unauthorized administrator-level access. Because the attacker gains root privileges, they can fully control the device, compromising confidentiality, integrity, and availability of the system and its data. [1, 2]

Mitigation Strategies

To mitigate this vulnerability, immediately update the SkyBridge BASIC MB-A130 firmware to version 1.6.0 or later, which contains the fix. If updating is not feasible, reduce risk by prohibiting Web-UI access from both WAN and LAN or by using a closed network that is not connected to the internet. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54857. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart