A high-severity vulnerability has been discovered in multiple Anritsu products, allowing for remote code execution. An attacker could exploit this flaw by tricking the system into processing a specially crafted file, which could grant them complete control over the affected device, leading to potential data theft, operational disruption, and further network intrusion.

The vulnerability exists within the file parsing component responsible for handling ShockLine CHX files. The software fails to properly sanitize path information contained within a user-supplied CHX file. An attacker can create a malicious CHX file with directory traversal sequences (e.g., ../) to write an arbitrary file to a chosen location on the system. By writing a malicious script (such as a web shell) or an executable to a location where it will be executed by the system or another service, the attacker can achieve remote code execution with the privileges of the Anritsu software service.

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a significant business impact, including the compromise of sensitive test data, intellectual property, or network credentials. An attacker with remote code execution could disrupt critical testing and measurement operations, causing service downtime and financial loss. Furthermore, the compromised Anritsu device could be used as a pivot point to launch further attacks against the internal corporate network, escalating the security incident.

Immediate Action: Apply the security patches provided by Anritsu immediately, prioritizing all internet-facing systems. After patching, it is critical to review system and access logs for any signs of compromise that may have occurred prior to the patch application.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for logs indicating CHX file parsing errors, unexpected file creation in sensitive system directories (e.g., web server roots, startup folders), and suspicious outbound network connections originating from the Anritsu devices, which could indicate a command-and-control channel.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Isolate affected devices from the internet and segment them from critical internal networks. Restrict file upload capabilities to trusted sources only and use application control or whitelisting solutions to prevent the execution of unauthorized code on the host system.

Public Exploit Available: false

This vulnerability presents a significant risk to the organization and must be addressed with urgency. Although CVE-2025-7975 is not currently listed on the CISA KEV list, its high severity makes it a prime candidate for future inclusion. We strongly recommend that all system owners immediately implement the vendor-supplied patches as outlined in the Remediation Plan, starting with internet-accessible devices. Organizations should operate under the assumption that an exploit is imminent and proactively hunt for indicators of compromise within their environments.