CVE-2025-0636

Published: Oct 13, 2025Modified: Oct 14, 2025

8.4

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.7 / Impact: 6.0

Source: 85b1779b-6ecd-4f52-bcc5-73eac4659dcf (Secondary)

Description

EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (1)

https://www.ericsson.com/en/about-us/security/psirt/cve-2025-0636

Source: 85b1779b-6ecd-4f52-bcc5-73eac4659dcf

Timeline

No history available yet.