Security Advisory

CVE-2025-27804

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-21 11:35:11

Last updated 2025-11-03 19:46:30

Assigner SEC-VLab

State PUBLISHED

Description

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.

← Browse all CVEs View on cve.org ↗