Remote Code Execution Vulnerability in Siklu Etherhaul Products
CVE-2025-57174

9.8CRITICAL

Key Information:

Vendor: Siklu Communications
Status: Etherhaul 8010TX and 1200FX
Vendor: CVE Published:; 15 September 2025

🔔 Create Siklu Communications Vulnerability Alert

What is CVE-2025-57174?

A significant vulnerability exists in Siklu Communications Etherhaul 8010TX and 1200FX devices, affecting firmware versions 7.4.0 through 10.7.3, and potentially other earlier versions. The rfpiped service listens on TCP port 555 and relies on static AES encryption keys that are hardcoded within the device's binary. These keys are uniform across all affected devices, enabling attackers to generate encrypted packets that can execute arbitrary commands without any form of authentication. This vulnerability represents a failed security patch for a previous CVE, indicating ongoing security risks within the Etherhaul series. System administrators and network security professionals should take immediate action to assess the potential impact on their environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://ceragon.com

http://etherhaul.com

https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Aug 17, 2025

JSON

Siklu Communications

What is CVE-2025-57174?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.