CVE-2025-8769
Remote Code Execution via Perl Injection in Telenium Login Script
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| megasys | telenium | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Telenium Online Web Application arises from a Perl script used to load the login page that does not properly validate input. This flaw allows an attacker to inject arbitrary Perl code via a specially crafted HTTP request, which can then be executed remotely on the server, leading to remote code execution.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows an attacker to execute arbitrary code remotely on the server hosting the Telenium Online Web Application. This could lead to unauthorized control over the server, data breaches, disruption of network management operations, and potential compromise of critical infrastructure managed by the software.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
While the provided resources do not explicitly mention GDPR or HIPAA, Telenium is used in critical infrastructure environments requiring compliance with regulatory standards such as NERC and FERC. A remote code execution vulnerability could jeopardize compliance by exposing sensitive data, undermining security controls, and potentially causing unauthorized access or data breaches, which would conflict with the requirements of standards like GDPR and HIPAA. [2]