CVE-2025-8769
Unknown Unknown - Not Provided
Remote Code Execution via Perl Injection in Telenium Login Script

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: ICS-CERT

Description
Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8769
EUVD
EUVD-2025-205297
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
megasys telenium *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in Telenium Online Web Application arises from a Perl script used to load the login page that does not properly validate input. This flaw allows an attacker to inject arbitrary Perl code via a specially crafted HTTP request, which can then be executed remotely on the server, leading to remote code execution.

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to execute arbitrary code remotely on the server hosting the Telenium Online Web Application. This could lead to unauthorized control over the server, data breaches, disruption of network management operations, and potential compromise of critical infrastructure managed by the software.

Compliance Impact

While the provided resources do not explicitly mention GDPR or HIPAA, Telenium is used in critical infrastructure environments requiring compliance with regulatory standards such as NERC and FERC. A remote code execution vulnerability could jeopardize compliance by exposing sensitive data, undermining security controls, and potentially causing unauthorized access or data breaches, which would conflict with the requirements of standards like GDPR and HIPAA. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart