CVE Catalog
CVE-2025-22905
CriticalCVSS 9.8Exploitation Probability (EPSS)
Very high risk4.46%
90th percentile - higher than 90% of all known CVEs
Summary
A command injection vulnerability was discovered in RE11S v1.11 via the command parameter at /goform/mp. An attacker can remotely execute arbitrary system commands.
Risk Assessment
The risk involves potential full device compromise by an unauthorized attacker, leading to network confidentiality and integrity breaches.
Recommendation
Immediately update the firmware to the latest version and restrict management interface access to trusted IP addresses only.
Original NVD description (English source)
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.

