Command Injection Flaw in Cato Networks' Socket Affects Device Security
CVE-2025-14213

8.3HIGH

Key Information:

Status
Vendor
CVE Published:
31 March 2026

What is CVE-2025-14213?

Cato Networks' Socket contains a command injection vulnerability in versions before 25, which can be exploited by an authenticated attacker with access to the Socket web interface. This flaw permits the execution of arbitrary operating system commands with root privileges on the device’s underlying system, posing a significant risk to system integrity and data security.

Affected Version(s)

Socket Linux 24 and below

References

CVSS V4

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.