A critical vulnerability has been identified in multiple In vowifi products, designated as CVE-2025-31715. This flaw allows a remote, unauthenticated attacker to execute arbitrary commands on affected systems, leading to a full system compromise. Due to its critical severity (CVSS 9.8) and ease of exploitation, this vulnerability poses a significant and immediate threat to the confidentiality, integrity, and availability of an organization's data and services.

This vulnerability is a command injection flaw within the In vowifi service. The service fails to properly sanitize or validate user-supplied input before passing it to a system shell for execution. An unauthenticated remote attacker can exploit this by crafting a special request containing operating system commands, which are then executed on the underlying server with the privileges of the service account. This could lead to a complete system takeover, as the description notes it allows for remote escalation of privilege without requiring any prior access.

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high potential for significant business disruption. Successful exploitation would grant an attacker complete control over the affected system, enabling them to steal sensitive data, deploy ransomware, disrupt critical services, or use the compromised system as a pivot point to attack other internal network resources. The potential consequences include major financial losses, severe reputational damage, operational downtime, and potential regulatory penalties related to data breaches.

Immediate Action: The primary and most effective remediation is to apply the security updates provided by the vendor. All organizations must prioritize updating their instances of In vowifi Multiple Products to the latest version immediately, focusing first on systems exposed to the internet. Following the update, review application and system access logs for any signs of compromise that may have occurred prior to patching.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for suspicious process execution, such as shells (sh, bash, powershell.exe) being spawned by the In vowifi service process. Monitor network traffic for unusual outbound connections from the servers running the service, and configure logging to capture and alert on input strings containing common command injection characters and keywords (e.g., ;, |, &&, curl, wget).

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rulesets designed to detect and block command injection attempts against the In vowifi service. Additionally, restrict network access to the vulnerable service, allowing connections only from trusted IP addresses to limit the attack surface.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this remote code execution vulnerability, we strongly recommend immediate and decisive action. Organizations must prioritize the deployment of the vendor-supplied patches to all affected In vowifi products without delay. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion and an attractive target for attackers. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a temporary measure to mitigate the imminent risk of a full system compromise.