CVE Catalog

CVE-2025-22905

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
4.46%

90th percentile - higher than 90% of all known CVEs

Summary

A command injection vulnerability was discovered in RE11S v1.11 via the command parameter at /goform/mp. An attacker can remotely execute arbitrary system commands.

Risk Assessment

The risk involves potential full device compromise by an unauthorized attacker, leading to network confidentiality and integrity breaches.

Recommendation

Immediately update the firmware to the latest version and restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS