EUVD-2025-21130
CVSS Vector
CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:H
Lifecycle Timeline
3Description
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.
Analysis
CVE-2025-50123 is a code injection vulnerability (CWE-94) in an unspecified server product that allows remote command execution when accessed via console by a privileged account through malicious hostname input. The vulnerability has a CVSS 4.0 score of 7.2 and requires physical access and high privileges, significantly limiting real-world exploitability despite the high impact potential. KEV status and EPSS scoring data are unavailable in provided intelligence, but the physical attack vector and high privilege requirement suggest this poses limited risk in typical network environments.
Technical Context
This vulnerability exploits improper input validation in hostname processing logic, allowing an attacker to inject arbitrary code that executes with server privileges. The attack occurs through the console interface (physical or direct access), suggesting the vulnerability lies in local console handlers or administrative interfaces that process hostname configuration inputs without proper sanitization or escaping. CWE-94 (Improper Control of Generation of Code) indicates the application dynamically constructs and executes code based on hostname input—likely through shell command construction, scripting engine evaluation, or similar mechanisms without adequate validation. The reliance on physical console access and high-privilege credentials (PR:H) indicates this is a local privilege escalation or post-compromise lateral movement vector rather than a remote network attack.
Affected Products
Specific product name, vendor, and version information are NOT provided in the available intelligence. The description references 'the server' generically and mentions console access and hostname input handling, but CPE strings are absent from the submission. This suggests either: (1) the vulnerability affects a less commonly tracked product; (2) vendor details were redacted; or (3) the CVE record is incomplete. Remediation and affected product identification require consultation of the official CVE record at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50123 or vendor security advisories. Researchers should cross-reference hostname processing in administrative consoles across server products (web servers, application servers, embedded systems, network appliances) for similar patterns.
Remediation
Patch information is NOT available in the provided intelligence. Recommended remediation approach: (1) Identify the affected product and vendor through official CVE record; (2) Apply security patches from the vendor immediately upon availability; (3) Implement input validation and sanitization for all hostname inputs, particularly in console/administrative interfaces—use allowlist validation and reject special characters; (4) Employ parameterized command construction instead of string concatenation for system calls; (5) Restrict console access through physical security controls and multi-factor authentication; (6) Audit and revoke unnecessary high-privilege account access; (7) Deploy Web Application Firewalls (WAF) or console access controls to filter malicious hostname payloads. Monitor vendor security advisories and NIST NVD for patch release notifications.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today