Security Advisory

CVE-2025-57431

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-22 00:00:00

Last updated 2025-09-22 17:36:19

Assigner mitre

State PUBLISHED

Description

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

← Browse all CVEs View on cve.org ↗