CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-59818

CVSS 10.0v3.1pub. 2026-02-04upd. 2026-02-11

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

🤖 AI Analysis
How it works

The firmware of the Zenitel Tcis-3 device improperly validates or sanitizes the file name passed during the upload operation. An attacker can embed malicious system commands in the file name, which are then executed by the device's operating system. This is a classic CWE-77 error (Improper Neutralization of Special Elements used in a Command), where untrusted data goes directly to the command interpreter.

Impact

An authenticated attacker can execute arbitrary commands at the operating system level of the device, leading to complete takeover of control, disclosure of confidential data, violation of system integrity, and potential disruption of its availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to references — firmware update to versions marked in the release notes of the 9.3 series (Turbine 9.3, VSF-Display 9.3, VSF-Fortitude6 9.3, VSF-Fortitude8 9.3, ZIPS 9.3) published by Zenitel

Who is affected

Zenitel Tcis-3 and Zenitel Tcis-3 Firmware — versions indicated in the manufacturer's references (release notes for Turbine 9.3, VSF-Display 9.3, VSF-Fortitude6 9.3, VSF-Fortitude8 9.3, ZIPS 9.3)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Zenitel Tcis 3

    HW
    Zenitel
    wszystkie wersje
  • Zenitel Tcis 3 Firmware

    OS
    Zenitel
    < 9.2.3.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-64090CRITICAL10.0PL ✓ten sam produkt

Command injection w Zenitel TCIS-3 – wykonanie poleceń przez hostname

CVE-2025-64091HIGH8.6ten sam produkt

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.

CVE-2025-64093CRITICAL10.0PL ✓ten sam vendor

RCE poprzez command injection w polu hostname urządzeń Zenitel ICx500/ICx510

CVE-2025-64092HIGH7.5ten sam vendor

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and d...

CVE-2021-40845HIGH8.8ten sam vendor

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file...