CVE-2025-59818
Authenticated Remote Code Execution via the file name of an uploaded file
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Zenitel · TCIS-3+Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_noteshttps://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Noteshttps://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Noteshttps://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Noteshttps://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_noteshttps://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf