A critical remote code execution vulnerability, identified as CVE-2025-54857, has been discovered in SkyBridge BASIC MB-A130 devices. This flaw allows a remote, unauthenticated attacker to inject and execute arbitrary operating system commands, leading to a complete compromise of the affected device. Successful exploitation could result in data theft, service disruption, or the device being used to launch further attacks against the internal network.

The vulnerability is an OS Command Injection flaw. The software fails to properly sanitize user-supplied input before passing it to a system shell command. A remote, unauthenticated attacker can send specially crafted data to the device, embedding malicious OS commands using special metacharacters (e.g., ;, |, &&). These injected commands are then executed on the underlying operating system with the privileges of the application, potentially allowing the attacker to gain full control over the device.

This vulnerability is rated critical with a CVSS score of 9.8, reflecting the extreme risk it poses to the organization. An attacker can achieve complete system compromise, violating all aspects of the CIA triad (Confidentiality, Integrity, and Availability). Potential consequences include the exfiltration of sensitive data stored on or passing through the device, installation of persistent malware or ransomware, complete disruption of the device's functionality, and using the compromised system as a pivot point to attack other critical assets on the corporate network.

Immediate Action: Update all affected SkyBridge BASIC MB-A130 devices to the latest version provided by the vendor, which addresses this vulnerability. After patching, review system and access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring for affected devices. Scrutinize network traffic for unusual outbound connections and review device logs for suspicious input containing shell metacharacters (e.g., ;, |, &, $(), `). Monitor for unexpected running processes or system configuration changes on the devices.

Compensating Controls: If immediate patching is not feasible, apply the following compensating controls:

• Restrict access to the device's management interface to a trusted, isolated network segment.
• Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rules designed to detect and block OS command injection attack patterns.
• If possible, disable the specific functionality or component that is vulnerable until a patch can be applied.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for complete system compromise by an unauthenticated remote attacker, immediate action is required. Organizations must prioritize the immediate patching of all vulnerable SkyBridge devices as the primary method of remediation. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity makes it a prime candidate for future inclusion. Implement the recommended remediation and monitoring controls without delay to mitigate the significant risk posed by this vulnerability.