Remote Code Execution Vulnerability in Telenium Online Web Application by Megasys
CVE-2025-10659
9.3 CRITICAL
What is CVE-2025-10659?
The Telenium Online Web Application exposes a PHP endpoint that improperly handles input from unauthenticated network users. Because the endpoint's regular expression check is insecurely terminated, an attacker can craft specific HTTP requests that inject arbitrary operating system commands. The result is remote code execution on the server, which compromises the security of the application and the data it manages.
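As an added illustration of this bug class (not Telenium code and not part of the advisory): the affected pattern is not shown on this page, so the patterns, sample inputs, `probe_termination`, `build_argv` and the `/usr/bin/example-tool` path below are all constructed. It shows how the way a PHP (PCRE) validation regex is terminated decides which inputs it accepts, next to a strictly anchored check that hands the value over as a single argv element.

```php
<?php
// Constructed illustration of the bug class; none of these patterns or names come from Telenium.
declare(strict_types=1);

const WEAK_DOLLAR = '/^[A-Za-z0-9.-]+$/';   // `$` also matches just before a final "\n"
const WEAK_OPEN   = '/^[A-Za-z0-9.-]+/';    // no end anchor: only a prefix is checked
const STRICT      = '/\A[A-Za-z0-9.-]+\z/'; // \z matches only at the true end of input

/** Probe a validation pattern with constructed inputs that differ only in how they end. */
function probe_termination(string $pattern): array
{
    $cases = [
        'clean'            => 'host-01.example',
        'trailing_newline' => "host-01.example\n",
        'trailing_text'    => 'host-01.example;EXTRA',
        'embedded_newline' => "host-01.example\nEXTRA",
    ];
    $accepted = [];
    foreach ($cases as $name => $input) {
        $accepted[$name] = preg_match($pattern, $input) === 1;
    }
    return $accepted;
}

/** Hardened handling: strict match, then pass the value as one argv element. */
function build_argv(string $host): array
{
    if (strlen($host) > 253 || preg_match(STRICT, $host) !== 1) {
        throw new InvalidArgumentException('rejected input');
    }
    // An array command given to proc_open() (PHP 7.4+) runs without a shell, so
    // metacharacters in $host are not interpreted even if validation regresses.
    // The tool path is a placeholder.
    return ['/usr/bin/example-tool', '--', $host];
}

// Report which of the constructed inputs each pattern lets through.
$patterns = ['WEAK_DOLLAR' => WEAK_DOLLAR, 'WEAK_OPEN' => WEAK_OPEN, 'STRICT' => STRICT];
foreach ($patterns as $label => $pattern) {
    $hits = array_keys(array_filter(probe_termination($pattern)));
    printf("%-12s accepts: %s\n", $label, implode(', ', $hits));
}
```

The same probe inputs work as regression tests for any input-validation regex whose result feeds a command line.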
Affected Version(s)
Telenium Online Web Application: versions 0 through 8.4.21 (inclusive)
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Scott Sheach reported this vulnerability to MegaSys Enterprises.