Argument Injection Vulnerability in Crestron Touchscreens x70 Series
CVE-2025-47421

8.6HIGH

Key Information:

Vendor

Crestron

Status
Touchscreens X70
Vendor
CVE Published:
3 September 2025

What is CVE-2025-47421?

An argument injection vulnerability exists in Crestron Touchscreens x70 series, allowing attackers to exploit improperly neutralized command delimiters. By sending specially crafted SCP commands through the SSH login string, a legitimate administrator user could inadvertently gain privileged operating system access to the affected devices. This risk affects various models, including TSW-x70 and others, necessitating immediate firmware updates from Crestron to mitigate potential security threats.

Affected Version(s)

TOUCHSCREENS x70 3.001.0031.001 < 3.001.0034.001

References

https://security.crestron.com
vendor-advisory
https://https://www.crestron.com/Software-Firmware/Firmwa...
patch
https://https://www.crestron.com/release_notes/tsw-xx70_3...
release-notes

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Frank Slezak
.
CVE-2025-47421 : Argument Injection Vulnerability in Crestron Touchscreens x70 Series