OS Command Injection Vulnerability in Vendor WebUI
CVE-2025-3626

9.1CRITICAL

Key Information:

Vendor: Frauscher
Status: Fds102
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-3626?

A security vulnerability has been identified that allows a remote attacker, possessing an administrator account, to exploit improper handling of special elements during the upload of a configuration file via the web user interface. This can lead to unauthorized execution of OS commands, enabling the attacker to gain full control over the affected device.

Affected Version(s)

FDS102 v2.8.0

References

https://certvde.com/en/advisories/VDE-2025-030

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Apr 15, 2025

Frauscher

What is CVE-2025-3626?

Affected Version(s)

References

CVSS V3.1

Timeline