How to fix CVE-2025-6104?

Within 24 hours: Identify all UniBox Controller instances in production and isolate them from untrusted networks; disable remote access to the /billing/pms_check.php endpoint if operationally feasible. Within 7 days: Implement WAF rules to block requests containing command injection payloads to the ipaddress parameter; conduct network segmentation to restrict access to authorized management networks only. Within 30 days: Contact Wifi-soft vendor for patch availability and timeline; evaluate alternative controllers if vendor remains unresponsive; perform full security audit of affected systems for indicators of compromise.

Is PHP affected by CVE-2025-6104?

A critical remote code execution vulnerability affecting Wifi-soft UniBox Controller allows unauthenticated attackers to execute arbitrary operating system commands through a billing module parameter.

CVE-2025-6104

EUVD-2025-18360 HIGH

2025-06-16 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18360

CVE Published

Jun 16, 2025 - 04:15 nvd

HIGH 8.8

Description

A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506. An authenticated attacker can remotely execute arbitrary operating system commands via the 'ipaddress' parameter in /billing/pms_check.php, achieving complete system compromise. Public exploit code exists, the vendor has not responded to early disclosure, and this vulnerability meets criteria for immediate exploitation in real-world environments.

Technical Context

The vulnerability exists in the billing module of Wifi-soft UniBox Controller, specifically in the pms_check.php file. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command - Command Injection), where user-supplied input from the 'ipaddress' parameter is passed to system-level command execution functions without adequate sanitization or escaping. The UniBox Controller is a network management and billing platform commonly deployed in hotspot and WiFi service environments. The vulnerable endpoint /billing/pms_check.php likely processes payment or connectivity checks and passes network-related parameters (such as IP addresses) to underlying shell commands for network diagnostics or configuration, failing to strip or validate shell metacharacters.

Affected Products

UniBox Controller (All versions up to and including 20250506)

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.5

CVSS: +44

POC: 0

CVE-2025-6104 vulnerability details – vuln.today

Back

CVE-2025-6104

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-6104

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code