Sicam Siapp Sdk
CVE-2026-25573
HIGH
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.
AnalysisAI
Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.
Technical ContextAI
Affects Sicam Siapp Sdk. A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.
RemediationAI
Monitor vendor advisories for a patch.
More in Sicam Siapp Sdk
View allInsufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting loc
Out-of-bounds write vulnerability in SICAM SIAPP SDK versions prior to V2.1.7 allows local attackers to corrupt memory a
Unvalidated file path handling in SICAM SIAPP SDK versions below 2.1.7 permits local attackers to delete arbitrary files
Stack overflow in SICAM SIAPP SDK versions prior to 2.1.7 allows local attackers to crash the server component by submit
Stack overflow in SICAM SIAPP SDK versions below 2.1.7 results from missing input length validation on client-side varia
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today