CVE-2025-15081
Unknown Unknown - Not Provided
Remote Command Injection in JD Cloud BE6500 sub_4780 Function

Publication date: 2025-12-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15081
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jd_cloud be6500 4.4.1.r4308
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15081 is a command injection vulnerability in the JD Cloud BE6500 device firmware version 4.4.1.r4308. It occurs in the function sub_4780 within the /jdcapi endpoint, where the ddns_name parameter is not properly sanitized. This allows an attacker to inject arbitrary system commands that get executed with root privileges. The vulnerability can be exploited remotely by sending specially crafted requests, leading to full system compromise. [1, 2, 3]

Impact Analysis

Exploiting this vulnerability allows an attacker to execute arbitrary commands on the affected device with root privileges. This can lead to full device compromise, including unauthorized access, control over the system, data theft, disruption of services, and potentially using the device as a foothold for further attacks within a network. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the /jdcapi endpoint containing the ddns_name parameter with unusual or command injection payloads. A proof-of-concept exploit involves sending a JSON payload with ddns_name set to a command such as a reverse shell. Network detection can include inspecting HTTP traffic for such payloads. On the device, checking logs for unexpected command executions or reverse shell connections may help. Specific commands to detect exploitation attempts are not provided in the resources. [1, 2, 3]

Mitigation Strategies

No vendor patch or mitigation is currently available for this vulnerability. Immediate steps include restricting network access to the affected device, especially blocking access to the /jdcapi endpoint from untrusted networks, monitoring for suspicious activity, and considering replacement of the affected product. Since the vulnerability allows remote command execution with root privileges, isolating the device and applying network-level controls are critical until a fix is available. [3]

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary commands with root privileges on the affected device, leading to full system compromise. This can result in unauthorized access to sensitive data, impacting confidentiality, integrity, and availability. Such a compromise can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches. However, no specific compliance impact or regulatory assessment is detailed in the provided resources. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart