Remote Code Execution Vulnerability in Xspeeder SXZOS by Xspeeder
CVE-2025-54322

10CRITICAL

Key Information:

Vendor

Xspeeder

Status
Sxzos
Vendor
CVE Published:
27 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-54322?

The Xspeeder SXZOS platform has a security flaw that allows an attacker to execute arbitrary code remotely. The vulnerability arises from the improper handling of the chkid parameter in the vLogin.py script, which can be exploited through base64-encoded Python code. Additionally, the parameters 'title' and 'oIP' are part of the attack vector, potentially affecting a significant number of hosts. This issue emphasizes the need for immediate action to secure affected systems and protect sensitive data from unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SXZOS 0 <= 2025-12-26

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-54322
Created by Sachinart

References

https://www.xspeeder.com
https://pwn.ai/blog/cve-2025-54322-zeroday-unauthenticate...

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.