CVE-2025-22912
CriticalCVSS 9.8Exploitation Probability (EPSS)
High risk77th percentile - higher than 77% of all known CVEs
Summary
A command injection vulnerability was discovered in RE11S firmware version v1.11 within the /goform/formAccept component. An attacker can remotely execute arbitrary system commands.
Risk Assessment
The risk for the organization includes the possibility of full device compromise, leading to data confidentiality and integrity breaches as well as network disruption.
Recommendation
It is recommended to immediately update the RE11S firmware to the latest available version that fixes this vulnerability. If an update is not available, restrict access to the administrative interface to trusted IP addresses only.
Original NVD description (English source)
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

