Arbitrary Command Execution Vulnerability in Zenitel Products
CVE-2025-59818

10CRITICAL

Key Information:

Vendor

Zenitel

Status
Tcis-3+
Vendor
CVE Published:
4 February 2026

What is CVE-2025-59818?

This vulnerability enables authenticated attackers to exploit Zenitel systems by executing arbitrary commands on the underlying operating system via manipulated file names associated with uploaded files. This weakness poses a significant risk as it could lead to unauthorized access and control over critical system functions. It is essential for users to monitor and apply security updates for affected products to mitigate potential exploits.

Affected Version(s)

TCIS-3+ <9.2.3.3

References

https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes
release-notes
https://www.zenitel.com/sites/default/files/2025-12/A100K...
vendor-advisory
https://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_...
release-notes

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.