Command Injection Vulnerability in RUGGEDCOM ROX Products by Siemens
CVE-2025-40591

8.3HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rox Mx5000; Ruggedcom Rox Mx5000re; Ruggedcom Rox Rx1400; Ruggedcom Rox Rx1500
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-40591?

A command injection vulnerability exists in various RUGGEDCOM ROX devices, which allows an authenticated attacker to exploit the 'Log Viewers' tool within the web interface. Due to inadequate input sanitation on the server side, attackers can execute the 'tail' command with elevated privileges, potentially exposing the contents of sensitive files across the filesystem.

Affected Version(s)

RUGGEDCOM ROX MX5000 0

RUGGEDCOM ROX MX5000RE 0

RUGGEDCOM ROX RX1400 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3012...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025