| TVN ID | TVN-202512011 |
|---|---|
| CVE ID | CVE-2025-15387, CVE-2025-15388, CVE-2025-15389 |
| CVSS | CVE-2025-15387: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; CVE-2025-15388: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVE-2025-15389: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | VPN Firewall |
| Description | CVE-2025-15387: VPN Firewall has an Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system. CVE-2025-15388: VPN Firewall has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. CVE-2025-15389: VPN Firewall has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. |
| Solution | Contact the vendor to obtain a solution. |
| Credit | Yu-Chieh Kuo, Li-Fan Cheng, Shi-Yi Xie (NICS) |
| Public Date | 2025-12-31 |
