OS Command Injection Vulnerability in SkyBridge BASIC by Seiko Solutions
CVE-2025-54857

9.3CRITICAL

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Basic Mb-a130
Vendor: CVE Published:; 1 September 2025

🔔 Create Seiko Solutions Inc. Vulnerability Alert

What is CVE-2025-54857?

The vulnerability allows a remote, unauthenticated attacker to execute arbitrary OS commands with root privileges due to improper neutralization of special elements in an OS command. This affects versions of SkyBridge BASIC MB-A130 up to and including 1.5.8, posing a significant risk to any systems utilizing this software as it could lead to escalated privileges and unauthorized access.

Affected Version(s)

SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier

References

https://www.seiko-sol.co.jp/archives/90289/

https://jvn.jp/en/jp/JVN22016482/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Aug 25, 2025

JSON