Curo UC300 CVE-2025-57457
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Admin-panel injection requires low-privileged authentication (PR:L); network-reachable management interface justifies AV:N per the supplied vector, and command execution yields full C/I/A impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter.
AnalysisAI
OS command injection in the Curo UC300 (firmware 5.42.1.7.1.63R1) unified communications device lets an authenticated attacker with admin-panel access run arbitrary operating-system commands by injecting shell metacharacters into the "IP Addr" parameter. Successful exploitation yields full command execution on the underlying device (high confidentiality, integrity, and availability impact). A public GitHub repository referenced by NVD indicates publicly available exploit code exists, though the flaw is not listed in CISA KEV and its EPSS probability is modest (1.15%, 63rd percentile).
Technical ContextAI
The Curo UC300 is a unified-communications / VoIP endpoint whose web-based Admin panel accepts an "IP Addr" input that is passed to an underlying OS command without adequate sanitization. This is a classic CWE-78 (Improper Neutralization of Special Elements used in an OS Command) failure: user-controlled text intended to be an IP address is concatenated into a shell invocation (likely a network utility such as ping or a network-config routine), so shell metacharacters (;, |, `, $()) break out of the intended argument and execute attacker-supplied commands with the privileges of the web/management process. No CPE strings were supplied in the input, so the only firmware confirmed affected is the exact build named in the description, 5.42.1.7.1.63R1.
Affected ProductsAI
The Curo UC300 unified-communications device running firmware version 5.42.1.7.1.63R1 is the only build named as affected; other versions are neither confirmed vulnerable nor confirmed safe from the available data. No CPE strings were provided to enumerate exact configurations, and no vendor advisory URL was supplied - the sole reference is a third-party GitHub repository (https://github.com/restdone/CVE-2025-57457/tree/main) cited by NVD, which appears to host proof-of-concept material rather than an official fix.
RemediationAI
No vendor-released patch identified at time of analysis, and no fixed firmware version is provided in the input, so the primary mitigation is to restrict access to the UC300 Admin panel: place the management interface on an isolated management VLAN, block it from untrusted networks, and enforce strong, unique admin credentials plus MFA if supported, since exploitation requires low-privileged admin-panel authentication. Where feasible, avoid exposing the device web/management interface to the internet and monitor the "IP Addr" field and network-utility functions for anomalous input, accepting that these controls reduce but do not eliminate risk from an authenticated insider. Contact Curo/CommScope for a patched firmware release and consult the referenced GitHub repository (https://github.com/restdone/CVE-2025-57457/tree/main) to understand exploit specifics; do not rely on any invented version number, as none was supplied.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today