CVE-2025-15349
Race Condition in Anritsu ShockLine SCPI Enables Remote Code Execution
Publication date: 2026-01-23
Last updated on: 2026-02-23
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anritsu | shockline | 2025.4.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the SCPI component of the Anritsu ShockLine product caused by improper locking during operations on an object. It allows a network-adjacent attacker to execute arbitrary code remotely without needing authentication, running code with the privileges of the current process. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to remote code execution, allowing an attacker to run arbitrary code with the same privileges as the affected process. This can compromise the confidentiality, integrity, and availability of the system. [1]