What is the CVSS score of CVE-2025-35005?

CVE-2025-35005 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.2%.

Which versions of Ipn4gii Na2 Firmware are affected by CVE-2025-35005?

Organizations using Microhard BulletLTE-NA2 or IPn4Gii-NA2 devices face a privilege escalation risk that allows authenticated users to execute arbitrary commands with elevated privileges.

Is there a public PoC exploit available for CVE-2025-35005?

Yes, a public proof-of-concept exploit is available for CVE-2025-35005. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-35005?

Within 24 hours: Identify and inventory all Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices in your environment and restrict access to AT+MFMAC commands. Within 7 days: Implement network segmentation to isolate affected devices, enforce strict access controls limiting authenticated users, and disable the AT+MFMAC command if operationally feasible. Within 30 days: Monitor vendor communications for patch availability, evaluate device replacement options, and establish enhanced monitoring for suspicious privilege escalation activity on affected systems.

Ipn4gii Na2 Firmware CVE-2025-35005

EUVD-2025-17403 HIGH

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2025-06-08 cve@takeonme.org

Privilege Escalation Command Injection Ipn4gii Na2 Firmware Bulletlte Na2 Firmware

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:17 euvd

EUVD-2025-17403

Analysis Generated

Mar 14, 2026 - 19:17 vuln.today

PoC Detected

Jan 12, 2026 - 16:54 vuln.today

Public exploit code

CVE Published

Jun 08, 2025 - 21:15 nvd

HIGH 7.1

DescriptionCVE.org

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

AnalysisAI

Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.

Technical ContextAI

This vulnerability exists in AT command processing for Microhard's LTE communication modules, specifically in the AT+MFMAC command parser. The root cause is CWE-88 (Argument Injection), where user-supplied input is concatenated into command strings without proper sanitization or delimiter escaping. The AT command interface is a legacy serial communication protocol used for modem control; improper parsing of AT command arguments allows an authenticated user to inject additional commands or modify command semantics. The BulletLTE-NA2 and IPn4Gii-NA2 are embedded LTE modules commonly integrated into industrial IoT, vehicular, and military communication systems. The flaw allows an attacker with local shell or serial access (post-authentication) to break out of the intended command context and execute arbitrary system commands with elevated privileges.

RemediationAI

Patch & Update: Contact Microhard immediately to obtain patched firmware versions for BulletLTE-NA2 and IPn4Gii-NA2 modules. No specific version numbers are available at this time; follow vendor security advisories for release dates. 2. Access Controls: Restrict local shell and serial console access to trusted administrators only. Disable or remove AT command interfaces if not required for operational use. 3. Network Segmentation: Isolate systems incorporating these modules on trusted networks; prevent untrusted local users from gaining shell or AT interface access. 4. Monitoring: Log all AT command usage and serial/telnet access to these modules; alert on AT+MFMAC commands or privilege escalation attempts. 5. Workaround (if patching delayed): If the AT+MFMAC command is not operationally required, disable or restrict its use via firmware configuration or access control lists on the serial/telnet interface. 6. Escalation: File a security incident report with Microhard and your OEM supplier; request ETA for patched firmware and interim mitigations specific to your product line.

CVE-2025-35005 vulnerability details – vuln.today

Back