What is the CVSS score of CVE-2025-29269?

CVE-2025-29269 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.5%.

Which versions of All Rut22gw Firmware are affected by CVE-2025-29269?

A critical remote code execution vulnerability (CVE-2025-29269) affects ALLNET ALL-RUT22GW v3.3.8 devices, allowing unauthenticated attackers to execute arbitrary OS commands.

Is there a public PoC exploit available for CVE-2025-29269?

Yes, a public proof-of-concept exploit is available for CVE-2025-29269. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2025-29269?

Within 24 hours: Identify all ALL-RUT22GW v3.3.8 devices in your environment and isolate them from critical network segments; disable remote management access if possible; enable logging on affected devices. Within 7 days: Implement network-level controls (WAF rules blocking popen.cgi requests, segmentation to restrict device access); contact ALLNET for patch timeline; evaluate replacement with alternative gateway products. Within 30 days: Deploy patched firmware immediately upon release; conduct forensic analysis for unauthorized access; review access logs and network traffic for exploitation indicators.

All Rut22gw Firmware CVE-2025-29269

EUVD-2025-201252 CRITICAL

OS Command Injection (CWE-78)

2025-12-04 cve@mitre.org

Command Injection All Rut22gw Firmware

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201252

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 16, 2025 - 15:57 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 20:16 nvd

CRITICAL 9.8

DescriptionCVE.org

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

Analysis

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

RemediationAI

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

CVE-2025-29269 vulnerability details – vuln.today

Back

All Rut22gw Firmware CVE-2025-29269

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code