See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2025-1536

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Feb 21, 2025

CWE ID 78

CWE ID 77

Summary

CVE-2025-1536 is a critical vulnerability affecting the Raisecom Multi-Service Intelligent Gateway up to version 20250208. This issue lies within the Request Parameter Handler component and specifically the file /vpn/vpn_template_style.php. The manipulation of the argument 'stylenum' enables attackers to inject os commands, posing a significant security risk. The exploit can be executed remotely and publicly disclosed information suggests it is already being used in attacks. Despite early notification, the vendor has not responded to address this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database