Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
AnalysisAI
Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.
Technical ContextAI
This vulnerability stems from CWE-352: Cross-Site Request Forgery (CSRF), a classic web security flaw where unprotected state-changing operations lack verification that requests originate from legitimate users. The affected devices lack proper CSRF token validation, SameSite cookie attributes, or request origin verification in their administrative interfaces. When combined with unauthenticated access (PR:N in CVSS), an attacker can craft malicious requests (via compromised websites, phishing emails, or network injection) that trick browsers or devices into executing administrative commands. The vulnerability likely affects embedded device management interfaces, router administration panels, or IoT device control APIs that fail to implement standard CSRF mitigations. Network-accessible administrative interfaces (AV:N) on devices typically running limited-privilege management daemons are the primary attack surface.
RemediationAI
Immediate remediation steps: (1) Contact the affected device vendor and obtain the latest security patch; apply patches to all affected devices immediately given the critical nature. (2) Implement network-level access controls: restrict administrative interface access to trusted networks, use VPN or firewall rules to limit exposure of management ports (typically 80, 443, 8080, 8443). (3) Enforce strong authentication: enable multi-factor authentication (MFA) if supported; use complex credentials. (4) Deploy CSRF protections if vendor updates are pending: ensure SameSite=Strict cookie attributes are set, implement CSRF token validation in administrative requests. (5) Monitor device logs for suspicious administrative command executions. Check the official vendor security advisory for specific patch versions and deployment procedures. Until patched, isolate affected devices or disable remote management access.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18089