What is the CVSS score of CVE-2025-15348?

CVE-2025-15348 has a CVSS 3.0 base score of 7.8 (High). CVSS vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Shockline are affected by CVE-2025-15348?

A high-severity remote code execution vulnerability (CVE-2025-15348) affects Anritsu ShockLine devices with a 7.8 CVSS score, allowing attackers to execute arbitrary code through malicious file…

How to fix or mitigate CVE-2025-15348?

Within 24 hours: Identify all Anritsu ShockLine installations in your environment and assess their network exposure. Immediately restrict network access to affected devices using firewall rules, limiting connections to trusted sources only. Within 7 days: Implement network segmentation to isolate ShockLine devices from critical infrastructure and implement file upload restrictions at entry points. Document all instances and disable unnecessary CHX file parsing features if operationally feasible. Within 30 days: Evaluate vendor patch availability daily, engage Anritsu for security guidance and timeline, and develop a prioritized patching plan; consider alternative equipment if patch timeline is unacceptable.

Shockline CVE-2025-15348

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-01-23 zdi-disclosures@trendmicro.com

RCE Deserialization Shockline

7.8

CVSS 3.0 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 23, 2026 - 04:16 nvd

HIGH 7.8

DescriptionCVE.org

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27833.

AnalysisAI

Technical ContextAI

Classified as CWE-502 (Deserialization of Untrusted Data). Affects Shockline. Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-15348 vulnerability details – vuln.today

Back

Shockline CVE-2025-15348

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code