CVE-2025-6225
Unknown Unknown - Not Provided
Shell Command Injection in Kieback&Peter SM70 PHWEB Login

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: CERT.PL

Description
Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-6225
EUVD
EUVD-2026-1225
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kieback_peter neutrino_glt to 9.40.02 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-6225 is a vulnerability in the Kieback&Peter Neutrino-GLT building management software, specifically in its web component called "SM70 PHWEB." The vulnerability allows an attacker to perform shell command injection via the login form, meaning they can inject and execute operating system commands on the server. These commands run with low system privileges. The issue affects versions prior to 9.40.02 and has been fixed in that version. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary shell commands on the affected system with low privileges. This could lead to unauthorized actions such as information disclosure, system manipulation, or further exploitation depending on the commands executed. Although the commands run with low privileges, it still poses a security risk to the integrity and availability of the building management system. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the Kieback&Peter Neutrino-GLT software to version 9.40.02 or later, where the vulnerability has been fixed. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-6225. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart