CVE-2025-63215

Published: Nov 18, 2025Modified: Jan 15, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

Affected (1)

Products: Sound4: Impact Firmware

1 product

Impact Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sound4 Impact Firmware	Version 2.33

Running on/with	Platform Versions
Sound4 Impact	All versions

Related CWEs

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (3)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63215%20_%20Sound4%20IMPACT%20%20RCE

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sound4helpdesk.com/

Source: cve@mitre.org

Product

https://www.sound4helpdesk.com/impact-downloads/

Source: cve@mitre.org

Product

Timeline

No history available yet.