CVE-2025-25504

MEDIUM Year: 2025
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.

Related Vulnerabilities

CVE-2016-10849

MEDIUM
CVSS:6.5(Medium)

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).

CWE-772016

CVE-2017-12094

MEDIUM
CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attack...

CWE-772017

CVE-2019-12921

MEDIUM
CVSS:6.5(Medium)

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

CWE-772019

CVE-2019-14944

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to priv...

CWE-772019

CVE-2021-22867

MEDIUM
CVSS:6.5(Medium)

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...

CWE-772021

CVE-2023-51295

MEDIUM
CVSS:6.5(Medium)

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.

CWE-772023