OS Command Injection Vulnerability in Device Management Servers by Vendor
CVE-2025-3499
10 CRITICAL
What is CVE-2025-3499?
The affected device management servers expose unauthenticated REST APIs on TCP ports 8084 and 8086 that are vulnerable to OS command injection. Attackers can exploit these APIs to execute arbitrary commands on the operating system with administrative permissions, posing serious security risks.
Affected Version(s)
iSAP Smart Collector Linux 1.20 < 3.02-1