CVE-2025-22962

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published: Feb 13, 2025
Updated: Feb 14, 2025
CWE ID 77

Summary

CVE-2025-22962 is a critical remote code execution (RCE) vulnerability affecting GatesAir Maxiva UAXT and VAXT transmitters. When debugging mode is enabled, an attacker with a valid session ID (sess_id) can exploit this weakness by sending tailored POST requests to the /json endpoint. Successful exploitation allows the attacker to execute arbitrary commands on the underlying system. The potential consequences are severe and include unauthorized access, privilege escalation, and complete device takeover.
