What is the CVSS score of CVE-2025-35007?

CVE-2025-35007 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.2%.

Which versions of Bulletlte Na2 Firmware are affected by CVE-2025-35007?

A high-severity vulnerability (CVE-2025-35007) affects Microhard LTE communication devices used in critical infrastructure and remote operations.

Is there a public PoC exploit available for CVE-2025-35007?

Yes, a public proof-of-concept exploit is available for CVE-2025-35007. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-35007?

Within 24 hours: Identify and inventory all Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices in production environments and assess user access controls. Within 7 days: Implement network segmentation to restrict AT command access to trusted administrative interfaces only, disable the AT+MFRULE command if operationally feasible, and enforce strict privileged account monitoring. Within 30 days: Monitor Microhard security advisories for patch availability; establish a formal remediation timeline once patches are released and validated in test environments.

Bulletlte Na2 Firmware CVE-2025-35007

EUVD-2025-17401 HIGH

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2025-06-08 cve@takeonme.org

Privilege Escalation Command Injection Bulletlte Na2 Firmware Ipn4gii Na2 Firmware

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:17 euvd

EUVD-2025-17401

Analysis Generated

Mar 14, 2026 - 19:17 vuln.today

PoC Detected

Jan 12, 2026 - 16:54 vuln.today

Public exploit code

CVE Published

Jun 08, 2025 - 21:15 nvd

HIGH 7.1

DescriptionCVE.org

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

AnalysisAI

Post-authentication command injection vulnerability in the AT+MFRULE command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability presents a moderate-to-high risk for systems where local authentication access can be obtained. The vulnerability has not been reported as actively exploited in public KEV catalogs, but the lack of available patches and the privilege escalation potential warrant immediate assessment and mitigation planning.

Technical ContextAI

This vulnerability exploits insufficient input validation in Microhard's AT command interface, specifically the AT+MFRULE command handler used in their cellular modem products (BulletLTE-NA2 and IPn4Gii-NA2). The root cause is classified under CWE-88 (Argument Injection), where user-supplied arguments are not properly neutralized before being processed in command execution contexts. The AT command set is a legacy serial/modem control protocol that remains prevalent in embedded cellular devices and IoT gateways. The affected products are Microhard industrial-grade cellular modems commonly deployed in remote monitoring, SCADA systems, and critical infrastructure. The AT+MFRULE command likely manages firewall or routing rules, making it a high-value target for local privilege escalation once initial authenticated access is gained.

RemediationAI

Patch Management: Contact Microhard directly to determine patch/firmware update availability. At CVE publication, no general fix was available; request status on firmware versions resolving CVE-2025-35007. 2. Access Control Mitigation: Restrict local access to Microhard devices via physical security, VPN segmentation, or host-based access controls; implement principle of least privilege for user accounts with AT command interface access. 3. Network Segmentation: Isolate affected devices on dedicated VLANs or air-gapped networks where feasible. 4. Input Validation Workaround: If device management interface is accessible, review AT+MFRULE command logs for suspicious argument patterns (e.g., unescaped pipe characters, semicolons, backticks). 5. Monitoring: Deploy IDS/IPS rules to detect abnormal AT command sequences on serial/modem interfaces if network-accessible. 6. Vendor Communication: Monitor Microhard security advisories and CERT/CC alerts for patch releases. Escalate to vendor if no remediation timeline is provided.

CVE-2025-35007 vulnerability details – vuln.today

Back