A critical remote code execution vulnerability, identified as CVE-2025-64093, has been discovered in multiple products. This flaw allows an unauthenticated attacker to take complete control of a vulnerable device over the network by sending a specially crafted request containing malicious commands. Successful exploitation could lead to a full system compromise, resulting in data theft, service disruption, and further network intrusion.

This vulnerability is a command injection flaw that occurs when the device processes a user-supplied hostname. An unauthenticated attacker can send a network request containing a hostname embedded with arbitrary shell commands (e.g., using characters like ;, |, or $()). The software fails to properly sanitize this input, causing the injected commands to be executed on the underlying operating system with the privileges of the running service, potentially leading to a complete system takeover.

This vulnerability is rated as critical severity with a CVSS score of 10.0, posing a direct and severe threat to the organization. An attacker can exploit this flaw without any authentication, making any vulnerable, network-accessible device a target. The potential consequences include a complete compromise of confidentiality, integrity, and availability; exfiltration of sensitive data; deployment of ransomware; and using the compromised device as a pivot point to attack the internal network. A successful attack could lead to significant financial loss, operational downtime, and reputational damage.

Immediate Action: Immediately apply the security updates provided by the relevant vendors to patch all affected products to the latest version. Prioritize patching for systems that are exposed to the internet or are critical to business operations. After patching, monitor systems for any signs of compromise and review historical access logs for suspicious activity.

Proactive Monitoring: Implement enhanced monitoring to detect potential exploitation attempts. Security teams should look for malformed hostnames in network traffic and system logs (e.g., DHCP, DNS, or system event logs) that contain shell command characters. Monitor for unusual outbound network connections from affected devices, which could indicate a reverse shell, and be alert for the creation of unexpected processes or files on these systems.

Compensating Controls: If immediate patching is not possible, implement the following controls to reduce risk:

• Use a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with signatures capable of detecting and blocking command injection attempts.
• Restrict network access to the management interfaces of affected devices to a limited set of trusted IP addresses.
• Implement network segmentation to isolate vulnerable devices from critical internal network resources, limiting an attacker's ability to move laterally.

Public Exploit Available: false

Given the critical CVSS score of 10.0, this vulnerability represents a severe and immediate risk to the organization, allowing an unauthenticated attacker to gain complete control over affected systems remotely. Although this CVE is not currently listed on the CISA KEV catalog, its severity demands an urgent response. The primary recommendation is to apply the vendor-supplied patches to all affected systems immediately. If patching is delayed, the compensating controls outlined above must be implemented as a temporary mitigation.