CVE-2025-57431
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-10-14
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sound4 | pulse-eco_aes67_firmware | 1.22 |
| sound4 | pulse-eco_aes67 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-494 | The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Sound4 PULSE-ECO AES67 1.22 web-based management interface allows an attacker to perform Remote Code Execution (RCE) by exploiting the firmware update process. Specifically, the update mechanism does not validate the integrity of a script called manual.sh, enabling an attacker to modify this script within a firmware update package and inject arbitrary commands that will be executed on the device.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code remotely on the affected device, potentially leading to full control over the system. This could result in unauthorized access, data theft, disruption of services, or further attacks within the network where the device is deployed.