What is the CVSS score of EUVD-2025-201009?

EUVD-2025-201009 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.1%.

Is there a public PoC exploit available for EUVD-2025-201009?

Yes, a public proof-of-concept exploit is available for EUVD-2025-201009. Prioritise patching immediately. EPSS: 1.1%.

How to fix or mitigate EUVD-2025-201009?

Within 24 hours: Inventory all AVTECH DGM1104 devices in production and restrict network access to SMB services to authorized users and systems only. Within 7 days: Implement network segmentation to isolate affected devices, disable SMB services if not operationally required, and enforce strong authentication controls with multi-factor authentication where possible. Within 30 days: Monitor vendor advisories for patch availability, establish a testing environment to validate patches immediately upon release, and evaluate replacement with alternative security solutions if patches are not forthcoming.

EUVD-2025-201009

| CVE-2025-57201 HIGH

Command Injection (CWE-77)

2025-12-03 cve@mitre.org

Command Injection

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201009

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

PoC Detected

Dec 23, 2025 - 00:32 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 16:15 nvd

HIGH 8.8

DescriptionCVE.org

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Analysis

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells.

RemediationAI

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

EUVD-2025-201009 vulnerability details – vuln.today

Back

EUVD-2025-201009

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code