CVE-2025-11571

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the same network.

CVSS

No CVSS.

References

Link	Resource
https://community.silabs.com/068Vm00000htltZ

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-24 17:16

Updated : 2026-03-25 15:41

NVD link : CVE-2025-11571

Mitre link : CVE-2025-11571

CVE.ORG link : CVE-2025-11571

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-11571", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-24T17:16:25.863", "references": [{"url": "https://community.silabs.com/068Vm00000htltZ", "source": "product-security@silabs.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments.\u00a0\nTo successfully execute this attack, the attacker needs to be on the same network."}, {"lang": "es", "value": "Los puntos finales vulnerables aceptan entrada controlada por el usuario a trav\u00e9s de una URL en formato JSON, lo que permite la ejecuci\u00f3n de comandos. Los comandos permitidos para ejecutar pueden abrir ejecutables. Sin embargo, los comandos no pueden pasar par\u00e1metros o argumentos. Para ejecutar con \u00e9xito este ataque, el atacante necesita estar en la misma red."}], "lastModified": "2026-03-25T15:41:58.280", "sourceIdentifier": "product-security@silabs.com"}

CVE-2025-11571

JSON object

Attach tags to CVE-2025-11571

Attach tags to `CVE-2025-11571`