CVE-2025-50121

EUVD-2025-21128 | CRITICAL 9.5 (CVSS 4.0)
2025-07-11 | [email protected]

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

EUVD ID Assigned (EUVD-2025-21128): Mar 16, 2026 - 08:17 (euvd)
Analysis Generated: Mar 16, 2026 - 08:17 (vuln.today)
CVE Published: Jul 11, 2025 - 10:15 (nvd)

Description

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.

Analysis

CVE-2025-50121 is an OS command injection vulnerability (CWE-78) in an unspecified product that allows unauthenticated remote attackers to achieve remote code execution by creating a malicious folder through the web interface when HTTP is enabled. With a CVSS 9.5 score and network-based attack vector requiring minimal complexity, this represents a critical vulnerability; however, real-world risk is substantially mitigated by the requirement that HTTP must be explicitly enabled (disabled by default). No active KEV status, EPSS data, or public POC availability has been confirmed from the provided intelligence.

Technical Context

This vulnerability stems from improper neutralization of special elements in OS commands (CWE-78), a classic command injection flaw where user-supplied input from HTTP folder creation requests is not adequately sanitized before being passed to system shell commands. The attack surface is the web interface HTTP handler responsible for directory creation operations. The root cause likely involves constructing OS-level mkdir or equivalent commands by concatenating unsanitized user input containing shell metacharacters (backticks, $(), pipes, semicolons, etc.). The vulnerability chain requires: (1) HTTP interface enabled, (2) folder creation endpoint accessible, (3) insufficient input validation on folder names, and (4) execution context with command execution capabilities. The specificity of 'malicious folder' creation suggests the injection point is the folder/directory naming parameter.

Affected Products

No specific product name, vendor, or version information was provided in the CVE description or associated intelligence data. The vulnerability references 'a product' with a 'web interface HTTP' and 'folder creation' capability, but CPE strings, vendor name, and affected version ranges are absent. To complete this analysis, cross-reference the CVE-2025-50121 identifier against: (1) NVD (nvd.nist.gov) CVE details for CPE applicability statements, (2) vendor security advisory databases, (3) the CISA KEV catalog for official vulnerability details. Generic product categories potentially affected: network-attached storage (NAS), file servers, content management systems, cloud storage appliances, or embedded web-based device management interfaces. Check the CVSS vector's publisher attribution for the vendor identity.

Remediation

Without vendor-specific patch information in the provided intelligence:

1. Immediate mitigation: disable the HTTP interface if HTTP is not required and rely on HTTPS-only access.
2. If HTTP must remain enabled, implement WAF (Web Application Firewall) rules to block requests with shell metacharacters in folder name parameters (regex filter: [;&|`$()\\]).
3. Network segmentation: restrict web interface access to trusted IP ranges via firewall ACLs.
4. Monitor for exploitation attempts using IDS/IPS signatures that detect command injection patterns in HTTP POST/PUT requests to folder creation endpoints.
5. Patch: contact the vendor for a security advisory and patched version availability; search the vendor security portal for CVE-2025-50121.
6. Upgrade to the patched version immediately upon release if HTTP is enabled in a production environment.

Provide the vendor advisory link once identified.
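The following is an added example, not code from the vuln.today page or from the (unidentified) affected product. It illustrates the CWE-78 pattern described in the Technical Context section (a folder name concatenated into an OS command line) beside a hardened folder-creation handler, and a small detection routine that applies the Remediation section's metacharacter filter to folder-creation requests. The storage root, the request log format and the endpoint path are assumptions; the log lines are constructed.

```python
"""
Added example (not from the vuln.today page or any vendor): the CWE-78 anti-pattern
the analysis describes, a hardened folder-creation handler, and a log check that
applies the remediation's shell-metacharacter filter. Product, paths and log
format are assumptions.
"""
import re
import tempfile
from pathlib import Path

# Remediation item (2) suggests filtering these shell metacharacters in folder
# name parameters: [;&|`$()\\]
SHELL_META_RE = re.compile(r"[;&|`$()\\]")

# Allow-list for the hardened handler: a single path component of safe characters,
# starting with an alphanumeric so names like "." or ".." can never match.
FOLDER_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def build_mkdir_command_vulnerable(root: str, name: str) -> str:
    """The anti-pattern the analysis attributes to the flaw: the user-supplied folder
    name is concatenated into a shell command line. Returned as a string only and
    never executed here; any metacharacter in `name` survives into the command."""
    return "mkdir -p " + root + "/" + name


def is_valid_folder_name(name: str) -> bool:
    """Allow-list validation: one path component, no separators, no shell metacharacters."""
    if name in (".", ".."):
        return False
    return FOLDER_NAME_RE.fullmatch(name) is not None


def create_folder_safe(root: Path, name: str) -> Path:
    """Hardened handler: validate, confine to the share root, and use the filesystem
    API instead of a shell. No command line is built, so there is nothing to inject into."""
    if not is_valid_folder_name(name):
        raise ValueError(f"rejected folder name: {name!r}")
    root = root.resolve()
    target = (root / name).resolve()
    if target.parent != root:  # defence in depth against path traversal
        raise ValueError("folder must be a direct child of the share root")
    target.mkdir(exist_ok=False)
    return target


# Constructed request log lines in a hypothetical "METHOD PATH folder=<name>" format.
SAMPLE_LOG = [
    "POST /api/folders folder=reports_2025",
    "POST /api/folders folder=backup;id",
    "POST /api/folders folder=$(whoami)",
    "POST /api/folders folder=photos.2024-12",
]

LOG_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) folder=(?P<name>.*)$")


def flag_suspicious_requests(lines):
    """Detection logic for remediation item (4): return folder names from folder-creation
    requests that contain shell metacharacters or fail the allow-list."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        if SHELL_META_RE.search(name) or not is_valid_folder_name(name):
            flagged.append(name)
    return flagged


def run_demo() -> dict:
    """Exercise both handlers in a temporary directory and return the outcomes."""
    root = Path(tempfile.mkdtemp())
    results = {}
    results["vuln_cmd_keeps_metachar"] = ";" in build_mkdir_command_vulnerable(str(root), "backup;id")
    results["safe_created"] = create_folder_safe(root, "reports_2025").is_dir()
    for bad in ("backup;id", "$(whoami)", "../escape", "a/b", ""):
        try:
            create_folder_safe(root, bad)
            results[bad] = "created"
        except ValueError:
            results[bad] = "rejected"
    results["flagged"] = flag_suspicious_requests(SAMPLE_LOG)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The hardened handler does two things the vulnerable pattern does not: it validates the folder name against an allow-list rather than a deny-list of metacharacters, and it creates the directory through the filesystem API so no shell is involved at all. The deny-list regex from the remediation is still useful as a WAF or log-scanning signal, which is how `flag_suspicious_requests` uses it, but it should not be the only control in the application itself.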

Priority Score

48 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.7
CVSS: +48
POC: 0

CVE-2025-50121 vulnerability details – vuln.today