CVE-2025-2071

OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI

Description

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

Remediation

Solution:

  • Avoid using external processes: Whenever possible, use library calls instead of invoking external processes to recreate desired functionality. A vendor security patch is available. Upgrade to release fast-sb-update-2.63.0.4.tar: https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar
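
As a complement to patching, the following added example (not part of the advisory or the vendor's code) scans web access logs for shell metacharacters in the affected "hd" and "pi" parameters. Assumptions: the parameters appear in the query string, the log is in common/combined format, and the /example path and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as affected.
AFFECTED_PARAMS = ("hd", "pi")

# Shell separators, substitutions, redirections and line breaks.
# Assumption: legitimate values of these parameters never contain them.
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")

# Assumption: common/combined log format, request line in double quotes.
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the /example path is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /example?hd=3&pi=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2025:10:00:05 +0000] "GET /example?hd=3%3Bid&pi=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2025:10:00:09 +0000] "GET /example?hd=3&pi=%24%28id%29 HTTP/1.1" 200 498',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /example?name=a%3Bb HTTP/1.1" 200 100',
]


def suspicious_params(log_line):
    """Return (param, decoded_value) pairs whose value holds shell metacharacters."""
    match = REQUEST_LINE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes values, so an encoded %3B is inspected as ';'.
    params = parse_qs(query, keep_blank_values=True)
    hits = []
    for name in AFFECTED_PARAMS:
        for value in params.get(name, []):
            if SHELL_META.search(value):
                hits.append((name, value))
    return hits


def scan(lines):
    """Return (line_number, hits) for every line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1)
            if (h := suspicious_params(line))]


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

Requests that carry the parameters in a POST body do not show up in an access log, so the same check would have to run on a proxy or WAF that sees request bodies.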

CVSS

CVSS score: 10.0
Severity: Critical
CVSS version: 4.0
EPSS: 1.02% (Top 25%)
Affected: FAST LTA FAST LTA Silent Brick WebUI

Frequently Asked Questions

What is the severity of CVE-2025-2071?
CVE-2025-2071 has been scored as a critical severity vulnerability.
How to fix CVE-2025-2071?
To fix CVE-2025-2071: Avoid using external processes: Whenever possible, use library calls instead of invoking external processes to recreate desired functionality. A vendor security patch is available. Upgrade to release fast-sb-update-2.63.0.4.tar: https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar
Is CVE-2025-2071 being actively exploited in the wild?
It is possible that CVE-2025-2071 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-2071?
CVE-2025-2071 affects FAST LTA FAST LTA Silent Brick WebUI.