CVE-2025-59818
Authenticated Remote Code Execution via the file name of an uploaded file
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Zenitel · TCIS-3+¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_noteshttps://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Noteshttps://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Noteshttps://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Noteshttps://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_noteshttps://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf