CVE-2025-9494
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-09-24

Assigner: Carrier Global Corporation

Description
An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the `/cgi-bin/vitogate.cgi` endpoint is affected, when the `form` JSON parameter is set to `form-0-2`. The vulnerability stems from the fact that that function at offset 0x21c24 does not properly sanitize supplied input before interpolating it into a format string which gets passed to `popen()`. Consequently, an authenticated attacker is able to inject arbitrary OS commands and thus gain code execution on affected devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-09-24
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9494
EUVD
EUVD-2025-30434
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
carrier vitogate_300 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an OS command injection in the Vitogate 300 device. It occurs at the /cgi-bin/vitogate.cgi endpoint when the 'form' JSON parameter is set to 'form-0-2'. The affected function does not properly sanitize input before using it in a format string passed to the popen() function. As a result, an authenticated attacker can inject arbitrary operating system commands and execute code on the device.

Impact Analysis

An attacker who is authenticated on the affected device can exploit this vulnerability to execute arbitrary OS commands. This can lead to full compromise of the device, allowing the attacker to control it, access sensitive data, disrupt operations, or use the device as a foothold for further attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9494. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart