CVE-2025-57176
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2026-03-11

Assigner: MITRE

Description
On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57176
EUVD
EUVD-2025-29215
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ceragon etherhaul 7.4.0
ceragon etherhaul 10.7.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the rfpiped service on TCP port 555 of Ceragon Networks / Siklu Communication EtherHaul devices running Firmware versions 7.4.0 through 10.7.3. It allows an attacker to upload files without authentication to any writable location on the device. The file upload packets use weak encryption that only protects metadata, while the actual file contents are transmitted in cleartext. Additionally, there is no authentication or path validation performed, making it possible for unauthorized users to place files anywhere writable on the device.

Impact Analysis

This vulnerability can allow an attacker to upload arbitrary files to the device without authentication, potentially leading to unauthorized code execution, device compromise, data tampering, or disruption of device functionality. Since file contents are transmitted in cleartext, sensitive information could be intercepted during transmission. The lack of path validation could also enable overwriting critical files, further impacting device integrity and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart