CVE-2023-54344

Eclipse · Equinox OSGi

Eclipse Equinox OSGi version 3.7.2 and earlier contains a remote code execution vulnerability allowing unauthenticated attackers to execute commands via the console interface.

Executive summary

A critical remote code execution vulnerability in the Eclipse Equinox OSGi console interface allows unauthenticated attackers to execute arbitrary system commands via base64-encoded payloads.

Vulnerability

This vulnerability allows an unauthenticated attacker to connect to the OSGi console port and inject base64-encoded commands wrapped in fork directives, resulting in unauthorized command execution on the host and the establishment of a reverse shell.

Business impact

The CVSS score of 9.8 confirms the critical nature of this vulnerability. Successful exploitation permits full control over the host system, enabling attackers to extract sensitive data, deploy malware, or disrupt critical business services, resulting in significant operational and security impacts.

Remediation

Immediate Action: Upgrade Eclipse Equinox OSGi to a secure, supported version. If upgrading is not immediately possible, disable the console interface.

Proactive Monitoring: Monitor for suspicious telnet connections to the OSGi console port and review system logs for unusual command execution patterns.

Compensating Controls: Implement strict network access controls to ensure the console interface is inaccessible to anyone but authorized personnel on secure networks.
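As an added example (not part of this advisory or of the Equinox project), the following script audits a deployment's launch configuration for the console exposure the remediation steps above ask you to remove. It assumes the Equinox convention that the console is enabled by an osgi.console property in config.ini (a bare port number or host:port opens a telnet listener) or by a -console <port> launcher argument; the sample config.ini content is constructed.

```python
import re

CONSOLE_PROP = "osgi.console"   # assumed Equinox property name
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}


def parse_properties(text):
    """Parse Java-style key=value lines, ignoring comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def classify_console(value):
    """Map a console setting to 'disabled', 'local' or 'network' (assumed semantics)."""
    if value is None or value.lower() in ("", "none"):
        return "disabled"
    host, sep, port = value.rpartition(":")
    if not sep:
        host, port = "", value        # bare port: listener bound to all interfaces
    if not port.isdigit():
        return "local"                # no port: interactive stdin console only
    return "local" if host in LOOPBACK else "network"


def audit(config_ini, launcher_args):
    """Return (status, finding) for one deployment's console settings."""
    value = parse_properties(config_ini).get(CONSOLE_PROP)
    # Exact match on "-console" so unrelated flags such as -consoleLog are ignored;
    # a launcher argument is assumed to override config.ini.
    if "-console" in launcher_args:
        i = launcher_args.index("-console")
        nxt = launcher_args[i + 1] if i + 1 < len(launcher_args) else ""
        value = nxt if re.fullmatch(r"(\S+:)?\d+", nxt) else "stdin"
    status = classify_console(value)
    finding = {
        "disabled": "console disabled; no action needed",
        "local": "console reachable only from the host; restrict local shell access",
        "network": f"console listens on the network ({value}); disable it or firewall the port",
    }[status]
    return status, finding


if __name__ == "__main__":
    SAMPLE = "# constructed config.ini\nosgi.bundles=org.eclipse.equinox.common@2:start\nosgi.console=5555\n"
    print(audit(SAMPLE, ["-consoleLog"]))
```

Run it against each Equinox instance's config.ini and launcher arguments; any "network" result is a host where the console must be disabled or isolated per the remediation above.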

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given that this affects older versions of the software, immediate migration to a current, supported version is required. If migration is not feasible, the console interface must be isolated or disabled to mitigate the risk of remote code execution.