Arbitrary Code Execution Vulnerability in EMCLI by Ericsson
CVE-2025-0636

8.4HIGH

Key Information:

Vendor: Ericsson
Status: Site Controller 6610; Ran Compute (all Bb Versions)
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-0636?

The EMCLI by Ericsson is susceptible to a vulnerability that stems from the improper handling of special elements in OS commands, which can be exploited by attackers. This flaw could allow for arbitrary code execution, posing significant risks to systems utilizing this product.

Affected Version(s)

RAN Compute (all BB ) 0 < 24.Q1.C5

Site Controller 6610 0

References

https://www.ericsson.com/en/about-us/security/psirt/cve-2...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Jan 22, 2025

JSON