- Description
- An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note - Network-M2 has been declared end-of-life in early 2024 and Network-M3 has been released as a fit-and-functional replacement.
- Source
- CybersecurityCOE@eaton.com
- NVD status
- Received
- CNA Tags
- unsupported-when-assigned
CVSS 3.1
- Type
- Secondary
- Base score
- 8.4
- Impact score
- 6
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- CybersecurityCOE@eaton.com
- CWE-20
- Hype score
- Not currently trending
CVE-2025-22495 Command Injection Vulnerability in Network-M2 NTP Server Configuration https://t.co/A55ozyMisT
@VulmonFeeds
25 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-22495: HIGH] Discover and fixed an input validation flaw in NTP server configuration field of Network-M2 card, allowing high privileged users to execute arbitrary commands. Upgrade to version 3.0.4 for ...#cybersecurity,#vulnerability https://t.co/MydE51oMfE https://t.c
@CveFindCom
24 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22495 An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high pri… https://t.co/k2h4zkHhWH
@CVEnew
24 Feb 2025
337 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes