Vulnerabilities

CVE-2026-25070 - XikeStor SKS8310-8X PingTestSet Command Injection

2026-03-07 0 views admin

CVE ID :CVE-2026-25070 Published : March 7, 2026, 12:20 a.m. | 1 hour, 5 minutes ago Description :XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through the destIp parameter to achieve remote code execution with root privileges on the network switch. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-25070

Severity

CRITICAL

Published

March 7, 2026

Attack Vector: Network

Impact: command injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-25070critical

CVE-2026-25070 - XikeStor SKS8310-8X PingTestSet Command Injection

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1981 - Winston AI <= 0.0.3 - missing authorization to authenticated (subscriber+) arbitr...

CVE-2026-1644 - WP Frontend Profile <= 1.3.8 - cross-site request forgery to unauthorized user ac...

CVE-2026-25071 - XikeStor SKS8310-8X switch_config.src Missing Authentication

CVE-2026-25072 - XikeStor SKS8310-8X Predictable Session Identifiers

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting