<ciso brief/>
Tag Banner

All news with #os command injection tag

all tags →

Tue, November 25, 2025

Zenitel TCIV-3+ Multiple Remote Code Execution Flaws

#Security Advisory #Zenitel #RCE #OS Command Injection #Cross-Site Scripting #Out-of-Bounds Write

⚠️ Zenitel has disclosed multiple high‑severity vulnerabilities in the TCIV-3+ intercom device, including three OS command injection flaws, an out‑of‑bounds write, and a reflected XSS. The issues (CVE-2025-64126 through CVE-2025-64130) carry high CVSS ratings — several are scored CVSS v4 10.0 — and can be exploited remotely with low complexity. Zenitel advises upgrading to version 9.3.3.0 or later; CISA recommends isolating devices, minimizing Internet exposure, and applying defensive controls until patches are deployed.

read more →