CVE-2025-11571

EUVD-2025-208962 | Severity: LOW
2026-03-24 | Silabs | GHSA-m3q8-9565-h52h
CVSS 4.0 base score: 2.1

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Active (A)
Scope: X (not defined; Scope is not a CVSS 4.0 base metric)

Lifecycle Timeline (3 events)

EUVD ID Assigned: Mar 24, 2026 - 17:00 (euvd), EUVD-2025-208962
Analysis Generated: Mar 24, 2026 - 17:00 (vuln.today)
CVE Published: Mar 24, 2026 - 16:26 (nvd), severity LOW, score 2.1

Description

Vulnerable endpoints accept user-controlled input through a URL in JSON format, which enables command execution. The commands that can be executed are able to open executables; however, they cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the same network.

Analysis

A command injection vulnerability exists in Silicon Labs Simplicity Studio V5 and Simplicity Installer Tool for Simplicity Studio V6, where vulnerable endpoints accept user-controlled input through URLs in JSON format, enabling arbitrary command execution. An attacker on the same network can exploit this to execute system commands, though parameter passing is restricted. While CVSS scoring is unavailable, the vulnerability represents a significant local network threat to development environments using these tools.

Technical Context

The vulnerability is rooted in CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a classic OS command injection flaw where user-supplied input from JSON-formatted URL parameters is passed unsafely to system command execution functions without proper sanitization or validation. Silicon Labs Simplicity Studio V5 and the Simplicity Installer Tool (SLT) for Simplicity Studio V6 are development toolchains for embedded systems design, identified via CPE cpe:2.3:a:silabs.com:simplicity_studio_v5:*:*:*:*:*:*:*:* and cpe:2.3:a:silabs.com:simplicity_installer_tool_(silicon_labs_tool_-_slt)_for_simplicity_studio_v6:*:*:*:*:*:*:*:*. The flaw likely stems from inadequate input validation when parsing JSON payloads from network endpoints, allowing attackers to inject OS commands that execute with the privileges of the application process.

Affected Products

Silicon Labs Simplicity Studio V5 in all versions is affected, as identified by CPE cpe:2.3:a:silabs.com:simplicity_studio_v5:*:*:*:*:*:*:*:*. Additionally, the Simplicity Installer Tool (Silicon Labs Tool - SLT) for Simplicity Studio V6 is affected, as identified by CPE cpe:2.3:a:silabs.com:simplicity_installer_tool_(silicon_labs_tool_-_slt)_for_simplicity_studio_v6:*:*:*:*:*:*:*:*. The vendor advisory is available at https://community.silabs.com/068Vm00000htltZ. Exact patched version numbers are not provided in the available references, requiring direct consultation with the advisory link for version-specific remediation guidance.

Remediation

Immediately consult the Silicon Labs security advisory at https://community.silabs.com/068Vm00000htltZ to obtain and apply the patched versions for Simplicity Studio V5 and Simplicity Installer Tool for Simplicity Studio V6. As a temporary mitigation pending patch deployment, restrict network access to Simplicity Studio endpoints to trusted internal networks only, implement network segmentation to isolate development environments, and disable or firewall any unnecessary exposed JSON API endpoints. Consider deploying intrusion detection signatures that flag suspicious JSON payloads containing OS command metacharacters (e.g., semicolons, pipes, backticks) targeting these tools' endpoints. Audit recent access logs for evidence of exploitation and monitor for unexpected child process spawning from the affected applications.
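The remediation above suggests flagging JSON payloads whose URL fields carry OS command metacharacters. The following is an added example of such a check, written for this page and not taken from vuln.today, Silicon Labs, or the advisory; it assumes nothing about the real endpoint's request schema, and the request bodies it scans are constructed samples. It walks arbitrary JSON, percent-decodes every string value so that an encoded ";" is not missed, and matches only the separators the page names (semicolons, pipes, backticks) plus "$(", "&&" and newlines, so a plain "&" in an ordinary query string does not trigger a false positive.

```python
import json
import re
from typing import Any, Iterator, List, Tuple
from urllib.parse import unquote

# Separators that chain or substitute shell commands. The set is an assumption
# for this example; tune it to the tools and logs you actually monitor.
METACHARS = re.compile(r"[;|`]|\$\(|&&|[\r\n]")


def _walk(node: Any, path: str = "$") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, value) for every string leaf in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def suspicious_fields(body: str) -> List[Tuple[str, str]]:
    """Return (json_path, original_value) pairs whose percent-decoded string
    contains a shell metacharacter. A body that is not valid JSON is reported
    as a single finding at '$', since malformed requests to these endpoints
    are themselves worth a look."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return [("$", "malformed JSON")]
    return [(path, value) for path, value in _walk(doc)
            if METACHARS.search(unquote(value))]


def scan_bodies(bodies: List[str]) -> List[Tuple[int, str, str]]:
    """Scan a batch of request bodies; return (body_index, json_path, value) hits."""
    hits = []
    for i, body in enumerate(bodies):
        for path, value in suspicious_fields(body):
            hits.append((i, path, value))
    return hits


# Constructed sample request bodies (not real traffic to the affected tools).
SAMPLE_BODIES = [
    '{"url": "http://127.0.0.1:8080/open?tool=commander"}',   # benign
    '{"url": "http://127.0.0.1:8080/open; id"}',               # literal ';'
    '{"job": {"args": ["http://127.0.0.1/x", "`whoami`"]}}',   # backtick, nested
    '{"url": "http://127.0.0.1/open?x=1&y=2"}',                # '&' in a query: benign
    '{"url": "http://127.0.0.1/open%3B%20id"}',                # percent-encoded ';'
    '{"url": ',                                                # truncated body
]

if __name__ == "__main__":
    for index, path, value in scan_bodies(SAMPLE_BODIES):
        print(f"body {index}: {path} = {value!r}")
```

The decoded value is matched but the original value is reported, so an analyst sees exactly what was sent. Percent-decoding once is enough for this check; if your gateway decodes a second time, run `unquote` twice to match its behaviour.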

Priority Score

11 (scale: Low, Medium, High, Critical)
KEV: 0
EPSS: +0.1
CVSS: +10
POC: 0

CVE-2025-11571 vulnerability details – vuln.today